Azure / confidential-computing-cvm-guest-attestation

Confidential VM Platform Guest attestation sample apps
MIT License

Secure Key Release App enhancements #25

Closed sid-habu closed 1 year ago

sid-habu commented 1 year ago

In the cvm-securekey-release-app app:

  1. The MAA URL used for the SKR flow is hardcoded to https://sharedweu.weu.attest.azure.net/ and doesn't use the custom URL passed by the client
  2. There is no support to pass in a custom nonce in the client_payload MAA token by the client
  3. If multiple managed identities are assigned to the Confidential VM (AKS with Azure Policy), IMDS auth fails as it cannot determine the client_id
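
The three behaviours listed in this issue, shown as an added example that is not code from the issue, the PR or the project. The function names, the `{"nonce": ...}` payload shape and the sample values are assumptions; the IMDS endpoint, `api-version` and `client_id` query parameter are the documented Azure IMDS ones.

```cpp
#include <cctype>
#include <cstdio>
#include <stdexcept>
#include <string>

// Percent-encode a query value; RFC 3986 unreserved characters pass through.
static std::string url_encode(const std::string& in) {
    std::string out;
    char buf[4];
    for (unsigned char c : in) {
        if (std::isalnum(c) || c == '-' || c == '_' || c == '.' || c == '~') {
            out += static_cast<char>(c);
        } else {
            std::snprintf(buf, sizeof buf, "%%%02X", c);
            out += buf;
        }
    }
    return out;
}

// Item 1: use the caller's MAA endpoint; reject non-https input, never fall back to a default.
std::string resolve_maa_url(std::string url) {
    while (!url.empty() && url.back() == '/') url.pop_back();
    if (url.size() <= 8 || url.compare(0, 8, "https://") != 0)
        throw std::invalid_argument("MAA URL must be https://<host>");
    return url;
}

// Item 2: caller-chosen nonce for client_payload. The {"nonce": ...} shape is
// an assumption; the character whitelist keeps the hand-built JSON well-formed.
std::string client_payload(const std::string& nonce) {
    if (nonce.empty()) throw std::invalid_argument("nonce is empty");
    for (unsigned char c : nonce)
        if (!std::isalnum(c) && c != '-' && c != '_')
            throw std::invalid_argument("nonce must be base64url characters");
    return "{\"nonce\":\"" + nonce + "\"}";
}

// Item 3: IMDS token URL (send it with the header "Metadata: true"). With
// several user-assigned identities, client_id tells IMDS which one to use.
std::string imds_token_url(const std::string& resource, const std::string& client_id) {
    std::string url = "http://169.254.169.254/metadata/identity/oauth2/token"
                      "?api-version=2018-02-01&resource=" + url_encode(resource);
    if (!client_id.empty()) url += "&client_id=" + url_encode(client_id);
    return url;
}

int main() {  // constructed sample values
    std::puts(imds_token_url("https://vault.azure.net", "11111111-2222-3333-4444-555555555555").c_str());
}
```
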

sid-habu commented 1 year ago

Have sent a PR to support/fix the above

canfikret commented 1 year ago

Thank you for your contribution, Siddharth. PR is approved.