Open nbjohnson opened 1 year ago
This feature would be extremely useful for anyone using SOPS on Azure Kubernetes, as it would allow using Azure Workload Identity instead of the deprecated Azure Pod Identity.
Thanks for raising this issue: the silence here makes me a bit nervous given the upcoming deprecation (March 31). Would there be room to accept a PR that integrates this? Or is nobody looking at this project anymore? It would be very nice to have some statement so that we as a community also know what to expect.
Update: I just noticed the sandboxing request; that could be a very nice chance to get the love that this project deserves.
The current Go libraries used for Azure KeyVault access will be out of support by March 31, 2023: https://github.com/Azure/go-autorest

Can SOPS please update to use the new libraries for continued use? https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/azidentity
The new version of the identity library also supports `ClientAssertionCredential`, which is needed to support authentication with the new workload identity that Azure is rolling out. A sample of how it is used can be found here: https://github.com/Azure/azure-workload-identity/blob/main/examples/msal-go/main.go#L46

Upgrading the Azure Go authentication libraries before they are out of support and adding a new up-and-coming authentication method would be greatly appreciated.