vault-auth-spire icon indicating copy to clipboard operation
vault-auth-spire copied to clipboard

Published 20 hours ago verified publisher icon bloomberg

Metadata

vault-auth-spire is an authentication plugin for Hashicorp Vault which allows logging into Vault using a Spire provided SVID.

Results 13 vault-auth-spire issues
Sort by recently updated
recently updated
newest added

Ownership of X509-SVIDs are currently unknown

2 comment

## Background Authentication using X509 SVIDs is a three-step process. 1. Prove client logging into Vault is the owner of the X509-SVID being passed in. 2. Prove the X509-SVID was...

dennisgove avatar dennisgove

discussion
release-blocker

SvidVerifier::Verify assumes an x509-based SVID

The current implementation of [`SvidVerifier::Verify`](https://github.com/bloomberg/vault-auth-spire/blob/f2e20e33d85979aeb867a288d95d71efd0f541cf/internal/common/svidverifier.go#L49) assumes the SVID will be an [`x509-SVID`](https://github.com/spiffe/spiffe/blob/master/standards/X509-SVID.md) and doesn't consider the possibility of a [`JWT-SVID`](https://github.com/spiffe/spiffe/blob/master/standards/JWT-SVID.md). **Purpose**: This issue will track the discussion and implementation of...

dennisgove avatar dennisgove

release-blocker

Discussion: Convert SPIFFE ID into a list of Vault policy IDs

One of the pieces of data returned from the [`pathAuthLogin`](https://github.com/bloomberg/vault-auth-spire/blob/develop/cmd/plugin/vault-auth-spire.go#L154) method is a list of Vault policy ids to apply to the login session. A core component of this plugin...

dennisgove avatar dennisgove

help wanted
discussion
release-blocker

Metadata

41
Stars
8
Forks
Watchers

Owner

verified publisher icon bloomberg

Metadata

vault-auth-spire is an authentication plugin for Hashicorp Vault which allows logging into Vault using a Spire provided SVID.

Back