Evan Gilman

Results 36 issues of Evan Gilman

When configuring federation in SPIRE Server, remote bundle endpoint servers are configured in terms of what profile they are using (i.e. `https_web` or `https_spiffe`). This is in contrast to SPIRE...

Workload attestation currently occurs when a workload first connects to the workload api. This is fine for most use cases, but causes a problem for selectors that may describe runtime...

When a SPIRE Server bundle endpoint is configured without ACME, it serves the `https_spiffe` profile by default. Aside from this being poorly documented, when the profile is misconfigured on the...

help wanted

In a conversation with @azdagron and @MarcosDY, we noted that the regular SAT token in k8s is now the exact same shape as the PSAT token, and therefore the PSAT...

help wanted
priority/backlog

Previously, the integration tests would rely on the default k8s image version, which differs based on the version of kind we're using. This commit explicitly pins the image version such...

SPIRE Server currently stores a small amount of data on disk, which it uses to recover some state after restarts/reboots. That data is limited to public key information and CA...

priority/backlog
unscoped

A new OAuth spec called "Demonstrating Proof-of-possession at the Application Layer" or [DPoP](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-16) is nearing ratification. It describes a methodology for binding a public key to a JWT, and using...

As part of releasing SPIRE, we tag the API SDK and Plugin SDK repositories so folks know what's compatible with the SPIRE release they're using. We typically tag main, which...

priority/backlog

Many previous issues and PRs have taken attempts at solving a plethora of authorization pains that the SPIRE Server APIs currently face. These APIs tend to have a number of...

priority/backlog
unscoped