udf2457
udf2457
Yeah, I'm currently using `FAI` but I recently discovered `KIWI` and it looks very interesting, more robust and potentially easier to work with than `FAI`.
@karl-johan-grahn Was your environment setup to enforce ? My environment is k3s, with security setup as per the docs (https://docs.k3s.io/security/hardening-guide), in particular the PSA: ``` apiVersion: apiserver.config.k8s.io/v1 kind: AdmissionConfiguration plugins:...
@MuneebAijaz Thanks for your message, unfortunately I don't know because I no longer use Reloader.
@ericchiang Per [Yubico tech ](https://docs.yubico.com/hardware/yubikey/yk-5/tech-manual/yk5-piv-tech-desc.html): > PIV management key in AES format renders the YubiKey compatible with current or future FIPS-compliant CMS services.
I stumbled accross this one today too. I am using `Close()` but this does not appear to be honoured. Even if I add `time.Sleep(20 * time.Second)` after `Close()` , `piv-go`...
As long as we _finally_ get more flexible key support, including PKCS#11 (#427) and other options (#525), maybe even Yubikeys then you've got my +1 @rdimitrov :wink: Also strikes me...
@MDr164 Thanks for the reply. If `securesystemslib` is only used for CJSON, then why was I referred back to `securesystemslib` when bringing up the lack of PKCS11 support before in...
I agree more should be done to improve support for offline storage of keys. From my perspective (#427), PKCS#11 support would be far more useful, that would mean you could...
Useful references: https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#provenance-for-goreleaser https://goreleaser.com/blog/slsa-generation-for-your-artifacts/#slsa-github-generator
@thoughtpolice The trouble with seeing `nix` as the solution is its still something many people don't use, and its well documented as having a steep learning curve, so its not...