hashicorp / nomad

Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Nomad is easy to operate and scale and has native Consul and Vault integrations.
https://www.nomadproject.io/

ed25519 key support #13633

Open svenstaro opened 2 years ago

svenstaro commented 2 years ago

Proposal

Nomad currently can't use ed25519 keys: client setup failed: Unsupported signature algorithm ed25519.PrivateKey; RSA and ECDSA only are supported.

I think it'd be great if Nomad could read these keys.

Use-cases

It's not such a well-supported algorithm, but the security of it seems pretty good, so why not?

Attempted Solutions

Well, at least ECDSA works.

tgross commented 2 years ago

Hi @svenstaro! It looks like we don't have support for that in Consul TLS either, so it's probably worth us looking at the set of cipher suites we support for TLS in general. I'm going to ping @picatz for his expertise and mark this for roadmapping.

svenstaro commented 2 years ago

Of course, support for this algorithm would be appreciated in Consul as well.
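
A preflight check for the key type behind the error quoted in the issue, as an added example that is not part of the thread and not Nomad's own code. `CheckKey` and `SamplePEM` are hypothetical names, the sample keys are generated at run time, and the accepted set (RSA and ECDSA) is taken only from the error message above.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// CheckKey returns the Go type of a PEM private key and whether it is RSA or ECDSA.
func CheckKey(pemBytes []byte) (keyType string, accepted bool, err error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return "", false, fmt.Errorf("no PEM block found")
	}
	var key any
	// Try the common encodings in turn: PKCS#8, then PKCS#1 (RSA), then SEC 1 (EC).
	if key, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil {
		if key, err = x509.ParsePKCS1PrivateKey(block.Bytes); err != nil {
			if key, err = x509.ParseECPrivateKey(block.Bytes); err != nil {
				return "", false, fmt.Errorf("unrecognized private key encoding")
			}
		}
	}
	switch key.(type) {
	case *rsa.PrivateKey, *ecdsa.PrivateKey:
		return fmt.Sprintf("%T", key), true, nil
	}
	// Anything else (for example ed25519.PrivateKey) is outside the accepted set.
	return fmt.Sprintf("%T", key), false, nil
}

// SamplePEM returns a throwaway PKCS#8 key generated at run time (constructed input).
func SamplePEM(useEd25519 bool) []byte {
	var key any
	key, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if useEd25519 {
		_, key, _ = ed25519.GenerateKey(rand.Reader)
	}
	der, _ := x509.MarshalPKCS8PrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der})
}

func main() {
	fmt.Println(CheckKey(SamplePEM(false))) // ECDSA sample
	fmt.Println(CheckKey(SamplePEM(true)))  // Ed25519 sample
}
```

Running the same check over the key files referenced in an agent's TLS configuration before a restart shows which ones would trip the error.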