Open v0lkan opened 6 months ago
Also from docs:
Configure AWS Secrets Manager

The SPIRE Server can be configured to load CA credentials from Amazon Web Services Secrets Manager, using them to generate intermediate signing certificates for the server's signing authority. This strategy can be managed by enabling and configuring the awssecret UpstreamAuthority plugin for the SPIRE Server.

Configure AWS Certificate Manager

The SPIRE Server can be configured to load CA credentials from Amazon Web Services Certificate Manager Private Certificate Authority (PCA), using them to generate intermediate signing certificates for the server's signing authority. This strategy can be managed by enabling and configuring the aws_pca UpstreamAuthority plugin for the SPIRE Server.

Configure another SPIRE installation

The SPIRE Server can be configured to load CA credentials from the Workload API of another SPIFFE implementation such as SPIRE. This enables a technique called "Nested SPIRE" that, as a complement to HA deployments, allows independent SPIRE Servers to issue identities against a single trust domain. A full treatment of Nested SPIRE is beyond the scope of this guide. However, this strategy can be managed by enabling and configuring the spire UpstreamAuthority plugin for the SPIRE Server.
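For readers who want to see what "enabling and configuring the UpstreamAuthority plugin" looks like in practice, here is a SPIRE Server configuration that wires in one of the three upstream authorities the quoted docs describe. This is an added example, not text from the issue or from the SPIRE docs. It assumes the plugin_data keys the plugins accept (region, certificate_authority_arn, signing_algorithm, ca_signing_template_arn, cert_file_arn, key_file_arn, server_address, server_port, workload_api_socket); the ARNs, account ID, hostnames, socket and data paths are placeholders and must be replaced. Only one UpstreamAuthority block may be active at a time, so the two alternatives are left commented out.

```hcl
# Example server.conf for a SPIRE Server that chains to an upstream CA.
# Added illustration; values below are placeholders, not a real deployment.

server {
    bind_address = "0.0.0.0"
    bind_port    = "8081"
    trust_domain = "example.org"          # assumption: single trust domain shared by all servers
    data_dir     = "/opt/spire/data/server"
    log_level    = "INFO"
}

plugins {
    DataStore "sql" {
        plugin_data {
            database_type     = "sqlite3"
            connection_string = "/opt/spire/data/server/datastore.sqlite3"
        }
    }

    NodeAttestor "join_token" {
        plugin_data {}
    }

    KeyManager "disk" {
        plugin_data {
            keys_path = "/opt/spire/data/server/keys.json"
        }
    }

    # Option 1 (active): ACM Private CA signs this server's intermediate CA.
    # The upstream private key never leaves ACM PCA; SPIRE only submits a CSR.
    UpstreamAuthority "aws_pca" {
        plugin_data {
            region                    = "us-east-1"
            # placeholder ARN of the ACM PCA that will issue the intermediate
            certificate_authority_arn = "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/00000000-0000-0000-0000-000000000000"
            signing_algorithm         = "SHA256WITHRSA"
            # Subordinate-CA template with pathlen 0: the issued intermediate may
            # sign leaf SVIDs but not further CAs. Adjust if you need nesting below it.
            ca_signing_template_arn   = "arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0/V1"
        }
    }

    # Option 2 (mutually exclusive with option 1): CA cert and key pulled from
    # Secrets Manager. Note the private key is loaded into the SPIRE Server
    # process, so protect the host and scope the IAM policy to these two secrets.
    # UpstreamAuthority "awssecret" {
    #     plugin_data {
    #         region        = "us-east-1"
    #         cert_file_arn = "arn:aws:secretsmanager:us-east-1:123456789012:secret:spire-upstream-ca-cert"   # placeholder
    #         key_file_arn  = "arn:aws:secretsmanager:us-east-1:123456789012:secret:spire-upstream-ca-key"    # placeholder
    #     }
    # }

    # Option 3: Nested SPIRE. This server obtains its intermediate from an upstream
    # SPIRE Server through the Workload API of a local upstream SPIRE Agent, so the
    # agent must be running and this server's SPIFFE ID must be registered upstream.
    # UpstreamAuthority "spire" {
    #     plugin_data {
    #         server_address      = "upstream-spire-server.example.org"   # placeholder
    #         server_port         = "8081"
    #         workload_api_socket = "/run/spire/sockets/upstream-agent.sock" # placeholder
    #     }
    # }
}
```

Two checks worth doing before relying on this in production: verify that the IAM role the server runs under is limited to the single CA ARN (for aws_pca) or the two secret ARNs (for awssecret) rather than a wildcard, and, after start-up, confirm the chain the server hands out actually terminates at your upstream root by running `spire-server bundle show` and comparing the root against the one you expect. If the chain stops at a self-signed SPIRE-generated CA, the UpstreamAuthority block was not picked up.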