-
### Summary
Route53 allows enabling DNSSEC keys on registered domain, and also enable DNSSEC signing per hosted zone. It would be amazing if this was configurable through Ansible as well.
It would…
-
Currently, Tink uses the V1 AWS Go SDK. In early 2021 AWS launched a V2 Go SDK: https://github.com/aws/aws-sdk-go-v2. Tink should support the V2 SDK as it's easier to use!
-
**Description**
When trying to use AWS KMS to sign my certs in fulcsio using `awskms://[endpoint]/[arn]` it took me ages to realize that the endpoint was optional, but the trailing `/` was not. It'…
-
Right now the only way of signing your metadata files is by using a local key file. Many users would prefer to store sensitive keys in KMS. tools like ['tuftool'](https://tuf-repo-cdn.sigstore.dev/tar…
-
### Describe the bug
when an existing artifactBucket is provided with existing kms key for the pipeline, CDK would not add correct policy for the role to generate the data key and is having the err…
pahud updated
1 month ago
-
### Discussed in https://github.com/kyverno/kyverno/discussions/9132
Originally posted by **VikramPunnam** December 11, 2023
Hi,
I have deployed the Kyverno v1.11.0 on the private EKS clust…
-
Hi,
Having support for AWS KMS as a key storage would be very beneficial for AWS users. As the only option for AWS HSM currently is the very costly AWS CloudHSM. This would be similar to the work s…
-
### Describe the bug
im using the [pipelines](https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.pipelines/README.html) construct to deploy resources cross account through the pipelines. When th…
-
I'd like to be able to allow *anyone* to encrypt secrets to me; but only allow decryption through sops/KMS.
AWS support this with key_usage of `ENCRYPT_DECRYPT`. https://docs.aws.amazon.com/kms/lates…
-
### Describe the bug
If you make your catalog settings using this and add a KMS key:
https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_glue.CfnDataCatalogEncryptionSettings.html
And t…