Support Spire as a TrustSource #2
Assignees
Comments
|
Nice! One way to do this might be to connect to the SPIRE server bundle endpoint... It will require that the plugin know how to authenticate the endpoint's server certificate, though. Another way to do it could be using the workload api, exposed by a local agent... In this case, vault would be the workload, and you could provide it with bundles from multiple trust domains via federation. |
|
Regarding connecting to the workload api, there's saved code in this note doing just that. I'd put it together just as a sanity check and it works as expected. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The plugin is designed to support multiple sources of trust used to verify SVIDs but currently the only implemented one is TrustFileSource.
Purpose: Track the implementation of a
TrustSpireSource.Goal
The goal of this to support Spire as a live source of trust for the plugin. The final implementation should be able to connect to one or more instances of Spire (via local agents or otherwise) in order to receive from Spire the known trust CAs that SVIDs can be verified against.
The text was updated successfully, but these errors were encountered: