Trusted Certificate Service (TCS) is a K8s service to protect signing keys using Intel's SGX technology. K8s CSR and cert-manager CR APIs are both supported. TCS also contains integration samples for Istio service mesh and Key Management Reference Application (KMRA).
It seems that currently only the signer's private key is protected in the enclave. Is there any plan to protect all the private keys used for Kubernetes components?