Comments (3)
Thanks for opening this @InverseIntegral ❤️
I think there's a clear use case for Vault-based KeyManager on SPIRE Server .. I took the liberty of updating this issue title to reflect that. Use case around SPIRE Agent plugin for this is a little more hazy to me, so I'd like to suggest you create a new issue for that if you're interested, there will probably be some questions there.
In terms of moving this contribution forward, the best resource will be the SPIRE channel in SPIFFE slack .. post a message there that you're trying to author a plugin and someone can help. You can see current plugin implementations here and SDK containing the protos and utils for building out-of-tree plugins here.
from spire.
@InverseIntegral if you're still willing to carry this forward please let me know and I'll assign the issue to you. You can find me on SPIFFE slack as well. Thank you!! 🙏
@evan2645 Thanks for getting back to me. Yes, my intention was to implement this for the SPIRE server first. I've also thought about a use-case for a similar plugin for the SPIRE agent but that would require a separate issue. I would love to work on this once I'm back home from my extended holidays, so feel free to assign the issue to me 🙂 And thank you for the pointers to previous plugin implementations!