Hardware security module access management in a cloud computing environment
US-9928080-B2 · Mar 27, 2018 · US
US11429733B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11429733-B2 |
| Application number | US-201816191519-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 15, 2018 |
| Priority date | Nov 15, 2018 |
| Publication date | Aug 30, 2022 |
| Grant date | Aug 30, 2022 |
Abstract
A method for sharing secret data between multiple containers. In response to the initial booting of an operating system instance in a container, a unique operating system identifier is generated for the operating system instance. A grant authority stores the unique operating system identifier in a reserved area of a secure storage device. In response to a request from the operating system instance to access secret data in the secure storage device, the grant authority determines whether the unique operating system identifier is stored in the secure storage device. The operating system instance may be granted access to secret data in the non-reserved area of the secure storage device.
Claims (preview)
What is claimed is:
1. A method for sharing secret data among multiple containers, the method comprising: in response to initial booting of a first operating system instance in a container, generating a first unique operating system identifier for the first operating system instance; storing, by a grant authority, the first unique operating system identifier in a reserved area of a secure storage device; in response to a request from the operating system instance to access secret data in the secure storage device, determining, by the grant authority, the first unique operating system identifier is stored in the secure storage device; granting the operating system instance access to secret data in a non-reserved area of the secure storage device; in response to initial booting of a second operating system instance in a second container, generating a second unique operating system identifier for the second operating system instance; in response to a request to access secret data in the secure storage device, storing, by the grant authority, the second unique operating system identifier in the reserved area of the secure storage device; in response to a request from the second operating system instance to access secret data in the secure storage device, determining, by the grant authority, the unique operating system identifier for the second operating system instance is stored in the secure storage device; and granting the second operating system instance access to secret data in the non-reserved area of the secure storage device.
2. The method according to claim 1, further comprising: in response to a request to remove the assignment of the second operating system instance from the secure storage device, deleting, by the grant authority, the second unique identifier for the second operating system from the reserved area in the secure storage device.
3. The method according to claim 1, wherein the multiple containers include a plurality of virtual machines, wherein at least one virtual machine of the plurality is managed by a hypervisor.
4. The method according to claim 1, wherein the secure storage device includes a hardware security module with a memory.
5. The method according to claim 4, wherein the secret data are stored in at least one domain of the hardware security module, wherein the request from the first operating system instance to access the secret data is a request to assign a domain to the first operating system instance, wherein the first and second unique operating system identifiers are stored in a reserved area of the domain on the hardware security module; and wherein granting access to first and the second operating system instance is granting access to secret data in the non-reserved area of the first domain.
6. The method according to claim 4, further comprising: in response to a request to remove the assignment of the second operating system instance from a domain on the hardware security module, deleting, by the grant authority, the second unique identifier for the operating system from the reserved area in the domain.
7. The method according to claim 4, wherein a domain on the hardware security module is marked as shared by: setting a trusted key entry flag to an “add” state; and marking the domain as shared in a shared domain mask.
8. The method according to claim 4, further comprising: creating secure binding data together with the first unique operating system identifier in the reserved area in a domain on the hardware security module; and setting a shared flag for the domain.
9. The method according to claim 5, wherein granting access for the first operating system instance to the secret data in the non-reserved area of the domain further comprises: presenting the first unique operating system identifier to the grant authority; and setting, by the grant authority, a trusted key entry flag to a “locked” state.
10. The method according to claim 8, wherein a firmware of a computer system provides secure binding data to the hardware security module for verification.
11. The method according to claim 8, further comprising: removing the assignment of the second operating system instance from a domain on the hardware security module by: deleting secure binding data from the reserved area; verifying that the secret data has only been accessed by the second operating system instance; and removing the secret data from the hardware security module.
12. The method according to claim 4, wherein the grant authority allows sharing of domains by providing respective unique operating system identifiers of the domains.
13. The method according to claim 8, further comprising: in response to the request for initial booting of the first operating system in a virtual machine, checking the shared flag by verifying that secure binding data matches the first unique identifier of the requesting operating system instance; and granting access to the secret data.
14. The method according to claim 10, wherein the firmware stores a set of unique operating system identifiers in a domain control block.
15. The method according to claim 13, wherein the firmware reads the set of unique operating system identifiers from the domain control block and routes replies from the hardware security module to the virtual machines, according to the set of unique operating system identifiers.
16. The method according to claim 1, further comprising: generating a secure hash for the first operating system instance based on the first unique identifier of the operating system instance and domain specific cryptographic configuration data; and using the secure hash to determine whether to grant access to the secret data.
17. The method according to claim 16, wherein a system firmware key is used for generating the secure hash.
18. The method according to claim 16, wherein cryptographic configuration data of a virtual machine is stored as the secure hash in the domain of the hardware security module.
19. A system for sharing secret data among multiple containers, the system comprising: a memory; and a processor in communication with the memory, wherein the computer system is configured to: in response to initial booting of a first operating system instance in a container, generating a first unique operating system identifier for the first operating system instance; storing, by a grant authority, the first unique operating system identifier in a reserved area of a secure storage device; in response to a request from the operating system instance to access secret data in the secure storage device, determining, by the grant authority, the first unique operating system identifier is stored in the secure storage device; granting the operating system instance access to secret data in a non-reserved area of the secure storage device; in response to initial booting of a second operating system instance in a second container, generating a second unique operating system identifier for the second operating system instance; in response to a request to access secret data in the secure storage device, storing, by the grant authority, the second unique operating system identifier in the reserved area of the secure storage device; in response to a request from the second operating system instance to access secret data in the secure storage device, determining, by the grant authority, the unique operating system identifier for the second operating system instance is stored in the secure storage device; and granting t
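To make the grant-authority flow of the claims concrete (a unique identifier kept in the domain's reserved area, a secure hash over that identifier and domain-specific cryptographic configuration under a firmware key, the trusted key entry flag moving between “add” and “locked”, and removal of an assignment), here is an added Python model; it is not code from the patent or its assignee. The HMAC construction, the dictionary layout of a domain, and the rule that secret data is cleared once no instance remains bound are assumptions of this example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

@dataclass
class Domain:
    # reserved area: os_id -> secure binding hash; non-reserved area: the secret data
    reserved: dict = field(default_factory=dict)
    secrets: dict = field(default_factory=dict)
    shared: bool = False            # this domain's bit in the shared-domain mask
    tke_flag: str = "add"           # trusted key entry flag: "add" or "locked"

class GrantAuthority:
    # toy model of the grant authority, constructed for this example (not the patent's code)
    def __init__(self, firmware_key: bytes):
        self._fw_key = firmware_key  # system firmware key keying the secure hash
        self.domains = {}

    def binding_hash(self, os_id: str, crypto_config: bytes) -> bytes:
        # secure hash over the unique identifier plus domain-specific cryptographic configuration
        return hmac.new(self._fw_key, os_id.encode() + crypto_config, hashlib.sha256).digest()

    def mark_shared(self, domain_id: str) -> None:
        # sharing reopens the domain: flag back to "add" and the domain set in the shared mask
        dom = self.domains.setdefault(domain_id, Domain())
        dom.tke_flag, dom.shared = "add", True

    def assign(self, domain_id: str, os_id: str, crypto_config: bytes) -> None:
        # write the instance's binding into the reserved area; refused while the domain is locked
        dom = self.domains.setdefault(domain_id, Domain())
        if dom.tke_flag != "add":
            raise PermissionError("domain locked; mark it shared before adding an instance")
        dom.reserved[os_id] = self.binding_hash(os_id, crypto_config)

    def access(self, domain_id: str, os_id: str, crypto_config: bytes, key: str):
        # grant only if the identifier sits in the reserved area and its binding still matches
        dom = self.domains.get(domain_id)
        if dom is None or os_id not in dom.reserved or not hmac.compare_digest(
                dom.reserved[os_id], self.binding_hash(os_id, crypto_config)):
            raise PermissionError("identifier not assigned or secure binding data mismatch")
        dom.tke_flag = "locked"      # granting access locks trusted key entry
        return dom.secrets.get(key)

    def remove_assignment(self, domain_id: str, os_id: str) -> None:
        # delete the binding; with no instance left bound, the secret data is removed as well
        dom = self.domains[domain_id]
        dom.reserved.pop(os_id, None)
        if not dom.reserved:
            dom.secrets.clear()
```

A second instance can only be added after the domain is marked shared again, which mirrors the claims' requirement that the flag be in the “add” state before a further identifier is stored.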
to assure secure storage of data (address-based protection against unauthorised use of memory G06F12/14; record carriers for use with machines and with at least a part designed to carry digital markings G06K19/00) · CPC title
Isolation or security of virtual machine instances · CPC title
by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title
Loading of operating system · CPC title
Hypervisor-specific management and integration aspects · CPC title