-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
spiffe-step-ssh server #198
Conversation
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Please update this commit to the baseline, so we can better determine if it is nearly ready for 0.22.0. |
A small description of the architectural elements that are going to be impacted is needed. This request comes from having some SSH clients that are not managed within the HELM items being supported, which impacts the overall security of the solution. I think the feature could be very beneficial, but the original problem being solved (other than containerized process access) needs a description, as well as all the impacted components (within HELM and outside of HELM). |
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
Signed-off-by: Kevin Fox <[email protected]>
charts/spiffe-step-ssh/templates/ssh-certificate-issuer-password-secret.yaml
Outdated
Show resolved
Hide resolved
Co-authored-by: Faisal Memon <[email protected]> Signed-off-by: kfox1111 <[email protected]>
Add a feature to enable trading a spire based cert for a signed ssh host cert automatically.
This enables hosts to start from scratch at bringup, attest with spire, and then get a signed ssh certificate users can trust came from the ssh ca.
Server components involved:
Host components involved:
User components: