Feature Request: Use HashiCorp Vault as a SPIRE Server KeyManager #5058
Comments
Thanks for opening this @InverseIntegral ❤️ I think there's a clear use case for Vault-based KeyManager on SPIRE Server. I took the liberty of updating this issue title to reflect that. Use case around SPIRE Agent plugin for this is a little more hazy to me, so I'd like to suggest you create a new issue for that if you're interested, there will probably be some questions there. In terms of moving this contribution forward, the best resource will be the SPIRE channel in SPIFFE slack. Post a message there that you're trying to author a plugin and someone can help. You can see current plugin implementations here and SDK containing the protos and utils for building out-of-tree plugins here
@InverseIntegral if you're still willing to carry this forward please let me know and I'll assign the issue to you. You can find me on SPIFFE slack as well. Thank you!! 🙏
@evan2645 Thanks for getting back to me. Yes, my intention was to implement this for the SPIRE server first. I've also thought about a use-case for a similar plugin for the SPIRE agent but that would require a separate issue. I would love to work on this once I'm back home from my extended holidays, so feel free to assign the issue to me 🙂 And thank you for the pointers to previous plugin implementations!
Signed-off-by: Matteo Kamm <[email protected]>
We are currently using HashiCorp Vault as our UpstreamAuthority for our SPIRE setup and we would like to also use the Vault as a KeyManager. Therefore, we propose the addition of a new plugin that integrates Vault into the SPIRE ecosystem via a KeyManager plugin. This plugin could be applied to both the spire-server and the spire-agent. One thing that we should consider is whether Vault supports the appropriate key types that are used by SPIRE.
I would also be willing to implement such a plugin but I'm not quite sure where to get started.