spiffe / spiffe.io

Source for the SPIFFE and SPIRE project websites. Hosted by the Cloud Native Computing Foundation
https://spiffe.io/

adding further description of KeyManager #285

Open ChaosInTheCRD opened 1 year ago

ChaosInTheCRD commented 1 year ago

Description of the change

I began some work to try and make a KeyManager plugin that handed off signing to a CA service in the hope that said service could make policy decisions based on the SVID being presented (e.g., X.509 Certificate Signing request). Of course this does not work, and I misled myself. I am hopeful that this PR will make it more clear for others that hope to do the same thing.

netlify[bot] commented 1 year ago

Deploy Preview for spiffe ready!

Name Link
Latest commit 789297ee3b3d2fac86347cfc51cead49f7faa6b1
Latest deploy log https://app.netlify.com/sites/spiffe/deploys/64e718f0bc42ea0008f615ff
Deploy Preview https://deploy-preview-285--spiffe.netlify.app/docs/latest/planning/extending

ChaosInTheCRD commented 1 year ago

Thank you @ChaosInTheCRD for this enhancement in the documentation.

While I think that a clarification about how the Key Manager operates is needed, I would probably word this a little differently because IMO it puts some negative emphasis that's not the intent of the section.

Let me discuss this with the SPIRE maintainers team and get back here with the feedback.

Thanks again!

Hey! No problem, it wasn't my intention to make anything sound negative, just to draw a line between what the key manager is and what the upstream authority is ☺️