Trusted Certificate Service (TCS) is a K8s service to protect signing keys using Intel's SGX technology. K8s CSR and cert-manager CR APIs are both supported. TCS also contains integration samples for Istio service mesh and Key Management Reference Application (KMRA).
This is to validate the CSRs received from Istio where the mutual TLS private key is stored in the SGX enclave. In that case, we sign the request only if it is coming from a valid enclave.