-
The kernel has a way to unseal a blob with the TPM without having to expose the secret to userspace* with "TPM Trusted and Encrypted Keys": https://www.kernel.org/doc/html/latest/security/keys/trusted…
-
Emerald Weapon Appearance Stone - not working
S-grade Weapon Pack - gives A-grade weapons
TOP-Grade Life stone - cannot use
S-grade cannot unseal
Talisman of Power - cannot combine with Talisman o…
-
I'm working on a Vault setup that could be used in production.
I would like to use AWS KMS auto-unseal mechanism as a convenient way of managing cluster state, but I also need to have reliant backup…
-
Thank you for sharing your valuable insights.
I read [Protecting Secrets At Tpm Interface](https://tpm2-software.github.io/2021/02/17/Protecting-secrets-at-TPM-interface.html) article and tried the…
jx6f updated
8 months ago
-
**Describe the bug**
service-route.yaml has servicePort hardcoded (8200), and should be equivalent of service-ingress.yaml. Additionally, passthrough is selected for tls termination, but by defau…
-
In the first case: the `a` function is typed fine, but we cannot call it with an array with extra keys: https://psalm.dev/r/03b8db3286
But if we unseal the parameters array, the `meta` key type is …
-
**Needs more investigation**
I'm still looking at how blox is handling seal tokens.
here's my line of thoughts:
Do they need to use a different way of sealing/unsealing the vault? i.e.
- ht…
-
I used the vault-auto-unseal example to set up a cluster based off the ami created by the vault-consul-ami option example.
It appears that the documentation for the vault-cluster module may be inco…
-
I am seeing this on trying to authenticate to the webui with `webui/webui` as the user/pass combo.
Any idea why?
-
After we support CDH to unseal secret by ehsm, we can integrate the ability of ehsm to make sealed secrets in the [tool](https://github.com/confidential-containers/guest-components/blob/main/confident…