Trusted Certificate Service (TCS) is a K8s service to protect signing keys using Intel's SGX technology. K8s CSR and cert-manager CR APIs are both supported. TCS also contains integration samples for Istio service mesh and Key Management Reference Application (KMRA).
Apache License 2.0
29
stars
15
forks
source link
internal/sgx: support for AES-GCM key unwrapping #58
Beside CKM_AES_KEY_WRAP_PAD mechanism added support for AES_GSM key wrapping. IsecL uses GSM key encryption.