-
Whilst we investigate Teleport acting as a SPIFFE provider, we should also support Teleport acting as a consumer of SPIFFE SVIDs. This will allow `tbot` instances running in a SPIFFE enabled environme…
-
### Application contact emails
atul@sgnl.ai, erik@sgnl.ai, chiranjeewee@sgnl.ai
### Project Summary
Assure identity and context in microservices call chains
### Project Description
Trat…
-
I'd like to be able to use my own CA for the https_web profile of the bundle endpoint. This is currently not allowed by the specification through [wording such as](https://github.com/spiffe/spiffe/bl…
-
SPIFFE x509 SVIDs are ideal for AWS Roles Anywhere. Typically, these are fetched from a local Workload API by the application that uses them, but, today with the credential-helper, you must fetch them…
-
*Description*:
Envoy establishes a network connection with Spire via Nginx: envoy -> nginx -> spire-sds. To achieve balanced load, Nginx will actively disconnect every 30 minutes:
```
http {
…
-
The BatchCreateEntry currently returns some status codes, InvalidArgument, InternalError (for most database issues), AlreadyExists. If I try to create an entry with some invalid parameters, e.g. entry…
-
When using podSelector for issuing Spiffe ID's it is not possible to set required label name and value in spiffe-oidc-discovery-provider.
E g:
spire-server:
controllerManager:
enabled: t…
-
### Bug Description
Charms are no longer able to connect to other charms external URL regardless of the ingress provider (Seen on both traefik and istio-ingress-k8s) when model is on the mesh and t…
-
The Mintx509SVID API should accept hints as a field when minting a new x509. This would allow parity with the normal operations of creating a new entry for deployments of SPIRE.
https://github.com…
-
now that linkerd supports client certs, it should be pretty straightforward to instrument [spiffe](spiffe.io) support