-
### Summary
Support a SPIFFE authentication plugin that would allow a user to obtain an authentication token via SPIFFE mTLS.
### Problem Statement
The problem that any user of OpenBao must i…
-
We have a Golang SDK that exposes two methods and uses [go-spiffe][go-spiffe] as a library:
* [`func Fetch() (reqres.SecretFetchResponse, error)`][fetch]
* [`func Watch()`][watch]
The task here is t…
-
It's not clear if this is an overlooked bug or a desired feature, but it looks like neither the `database_type` nor the `connection_string` can be set via `.Values.dataStore.sql.plugin_data`, even tho…
-
SPIFFE is a CNCF incubating workload attestor that provisions / and rolls certificates over a Unix socket API. They conveniently provide a Go library [with examples](https://github.com/spiffe/go-spiff…
-
Do Workload ID tokens require an `iss` claim or is the issuer implicit as part of the WIMSE URI in the `sub` claim?
Also, does the `iss` claim add any additional value in scope of this draft aka "Doe…
-
Current situation:
When we define a `ClusterSPIFFEID` for a workload, VSecM essentially trusts it.
From VSecM’s vantage point
`"spiffe://vsecm.com/vsecm/workload/keycloak/n/traffic-steering-1122334…
-
Working with multiple clusters is rather inconvenient right now, fix that.
-
Executing `helm install vsecm vsecm/vsecm` works fine and passes all the integration and unit tests.
However, `helm install mahmut vsecm/vsecm` fails with the following state:
```text
aegis@aegis:~…
```
-
Currently the root and intermediates to establish a functionary’s chain of trust are part of the layout. The layout is then signed and used during verification that all functionaries belong to the est…