require an explicit setting for signer (rekor & fulcio) rather than an implicit default of memory #815

Open
bobcallaway opened this issue Aug 21, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@bobcallaway
Member

Description

We've had several users be surprised by the behavior of both rekor & fulcio (as deployed by the helm charts) where the default signer is the memory option - this is nice for testing purposes, but not great for actual deployments where you would want a longer-lived key to be used (via KMS, HSM, etc).

We should remove the implicit default and require users to explicitly select one.

@bobcallaway bobcallaway added the enhancement New feature or request label Aug 21, 2024
@vipulagarwal
Contributor

vipulagarwal commented Aug 21, 2024

I can work on adding a rekor-createsecret job to the rekor helm chart that will use the new image fixed here. This can be a better default for the rekor signer compared to memory.
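
One way to catch the implicit default before it reaches a real deployment, as an added example that is not code from this issue or from the sigstore project: a check over a rendered container args list. It assumes the signer is chosen with rekor-server's `--rekor_server.signer` flag (the flag name is not given in the issue) and that KMS keys use `awskms://`, `azurekms://`, `gcpkms://` or `hashivault://` URIs; the sample args are constructed.

```python
# Added example: audit a rendered container args list for the signer setting.
# Assumption: the signer is selected with the rekor-server flag
# --rekor_server.signer; the flag name does not appear in the issue itself.
from urllib.parse import urlparse

SIGNER_FLAG = "--rekor_server.signer"  # assumed flag name
KMS_SCHEMES = {"awskms", "azurekms", "gcpkms", "hashivault"}  # assumed KMS URI schemes


def signer_value(args, flag=SIGNER_FLAG):
    """Return the signer value from args, or None if the flag is absent.

    Handles both `--flag=value` and `--flag value`; the last occurrence wins.
    """
    value = None
    for i, arg in enumerate(args):
        if arg.startswith(flag + "="):
            value = arg.split("=", 1)[1]
        elif arg == flag and i + 1 < len(args):
            value = args[i + 1]
    return value


def classify_signer(args, flag=SIGNER_FLAG):
    """Classify how the signing key is provisioned for one container."""
    value = signer_value(args, flag)
    if value is None:
        return "implicit-default"  # nothing selected: the case the issue wants rejected
    if value.strip().lower() == "memory":
        return "explicit-memory"   # in-memory key, acceptable for testing only
    if urlparse(value).scheme in KMS_SCHEMES:
        return "kms"
    return "file"                  # anything else is treated as a key file path


# Constructed sample inputs (not taken from any real deployment).
SAMPLES = {
    "chart-defaults": ["serve", "--rekor_server.address=0.0.0.0"],
    "test-cluster": ["serve", "--rekor_server.signer=memory"],
    "production": ["serve", "--rekor_server.signer", "gcpkms://projects/example/keys/rekor"],
    "file-key": ["serve", "--rekor_server.signer=/key/private.pem"],
}

if __name__ == "__main__":
    for name, args in SAMPLES.items():
        print(f"{name:15} {classify_signer(args)}")
```

Treating `implicit-default` as a failure in CI and `explicit-memory` as allowed only in test environments matches the behavior the issue asks for.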
