Blake Burkhart

icon indicating a website link bburky.com

icon company @defenseunicorns icon location This space intentionally left blake.

Results 74 comments of Blake Burkhart

Improve security of zarf registry NodePort

See https://github.com/defenseunicorns/zarf/issues/375 about HA registries for some previous discussion of registries including some third party in-cluster registries.

Improve security of zarf registry NodePort

* if possible, I would recommend solving b) above too. The simplest option is just to enable the built in TLS inside the registry, and use [`OPENSSL:`](http://www.dest-unreach.org/socat/doc/socat.html#ADDRESS_OPENSSL_CONNECT) in `socat` to...

Integrate Sigstore for "keyless signing" of packages and their build provenence

To implement keyless signing verification zarf will need to provide more options than it's current `--key` to verify signatures. To support verifying signatures using the built-in default sigstore Public-Good Instance...

STSClient does not use environment variable for region controls

I'm still seeing this bug too. A hacky workaround is setting `AWS_ENDPOINT_URL_STS` manually. This is useful if it's third party code calling `fromNodeProviderChain()` that I cannot modify. ```sh export AWS_ENDPOINT_URL_STS=https://sts.${AWS_REGION}.amazonaws.com...