Trusted Certificate Service (TCS) is a K8s service to protect signing keys using Intel's SGX technology. K8s CSR and cert-manager CR APIs are both supported. TCS also contains integration samples for Istio service mesh and Key Management Reference Application (KMRA).
Apache License 2.0
[RFC] Should be able to configure key-server from Issuer #7
In case of provisioning the CA key and root certificate from a key server using quote attestation, the key server URL and credentials could be configurable from the Issuer specification:
```yaml
apiVersion: tcs.intel.com/v1alpha1
kind: TCSIssuer
metadata:
  name: my-ca
  namespace: sandbox
spec:
  secretName: my-ca-cert
  keyServer:
    url: https://test-kmra-server.com:433
    secretRef: server-secret # credentials to access the server
```
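One way a controller or admission check could validate the proposed `keyServer` block before the issuer contacts the server. This is an added example, not TCS code: the Go names `KeyServerSpec` and `ValidateKeyServer` are hypothetical and only mirror the YAML fields above.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// KeyServerSpec mirrors the keyServer block proposed in the issue.
// Hypothetical type: the project's real API types may differ.
type KeyServerSpec struct {
	URL       string // spec.keyServer.url
	SecretRef string // spec.keyServer.secretRef (name of a Secret in the issuer's namespace)
}

// ValidateKeyServer rejects settings that would send key-server credentials
// over plaintext or store them in the Issuer object instead of a Secret.
func ValidateKeyServer(ks KeyServerSpec) error {
	if ks.SecretRef == "" {
		return errors.New("keyServer.secretRef is required")
	}
	u, err := url.Parse(ks.URL)
	if err != nil {
		return fmt.Errorf("keyServer.url: %w", err)
	}
	switch {
	case u.Scheme != "https":
		return errors.New("keyServer.url must use https")
	case u.Hostname() == "":
		return errors.New("keyServer.url has no host")
	case u.User != nil:
		return errors.New("keyServer.url must not embed credentials; use secretRef")
	}
	return nil
}

func main() {
	// Constructed samples: the first is the spec from the issue, the rest are misconfigurations.
	for _, ks := range []KeyServerSpec{
		{"https://test-kmra-server.com:433", "server-secret"},
		{"http://test-kmra-server.com:433", "server-secret"},
		{"https://admin:pw@test-kmra-server.com:433", "server-secret"},
		{"https://test-kmra-server.com:433", ""},
	} {
		fmt.Printf("%-45s -> %v\n", ks.URL, ValidateKeyServer(ks))
	}
}
```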