-
### Checklist
- [X] I agree to the terms within the [OpenFGA Code of Conduct](https://github.com/openfga/.github/blob/main/CODE_OF_CONDUCT.md).
### Describe the problem you'd like to have solved
Cu…
-
**What would you like to be added**:
Support [SPIFFE](https://github.com/spiffe/spiffe) for verifying nfd-worker/labeler IDs. For example, utilize spiffe IDs for verifying the identity of creat…
-
Add automation to create images when releasing spiffe-helper,
Acceptance criteria:
- use scratch image as base
- images are pushed into `ghcr.io`
Optional:
- Release windows images
-
**Is your feature request related to a problem? Please describe.**
Managing certificates/identities for all your log shippers / log processors is difficult.
**Describe the solution you'd like**
I…
-
## Feature Request
Support using [SPIFFE](https://spiffe.io) for identity and use this provide mTLS credentials to services.
Other service meshes such as [Envoy](https://spiffe.io/docs/latest/mi…
-
SPIFFE x509 SVIDs are ideal for AWS Roles Anywhere. Typically, these are fetched from a local Workload API by the application that uses them, but, today with the credential-helper, you must fetch them…
-
*Description*:
Envoy establishes a network connection with Spire via Nginx: envoy -> nginx -> spire-sds. To achieve balanced load, Nginx will actively disconnect every 30 minutes:
```
http {
…
ktalg updated
11 hours ago
-
Whilst we investigate Teleport acting as a SPIFFE provider, we should also support Teleport acting as a consumer of SPIFFE SVIDs. This will allow `tbot` instances running in a SPIFFE enabled environme…
-
When using podSelector for issuing Spiffe ID's it is not possible to set required label name and value in spiffe-oidc-discovery-provider.
E g:
spire-server:
controllerManager:
enabled: t…
-
Do Workload ID tokens require an `iss` claim or is the issuer implicit as part of the WIMSE URI in the `sub` claim?
Also, does the `iss` claim add any additional value in scope of this draft aka "Doe…