Trusted Certificate Service (TCS) is a K8s service to protect signing keys using Intel's SGX technology. K8s CSR and cert-manager CR APIs are both supported. TCS also contains integration samples for Istio service mesh and Key Management Reference Application (KMRA).
Apache License 2.0
29
stars
15
forks
source link
controller/issuer: make sure the signer is loaded from token #57
Make sure that the signer info is loaded from the persistnat token. Otherwise, in case of Pod restart, the existing signers are not loaded and hence not ready for sining the new CSR requests.
Make sure that the signer info is loaded from the persistnat token. Otherwise, in case of Pod restart, the existing signers are not loaded and hence not ready for sining the new CSR requests.