
Abstract PKI with SPIRE

Open colek42 opened this issue 3 years ago • 2 comments

We would like to use SPIRE to provide the PKI to in-toto. This would give us the ability to tie build to hardware security modules, or cloud meta-data in a predictable way through the SPIRE plugin system. I am opening this ticket to start a discussion on how the implementation should look.

colek42 avatar Jan 06 '21 13:01 colek42

@colek42 sorry for the long time delay. Do you have anything to 'show' already? I see that you guys open PRs sometimes. It gives a good hint and, as far as I have looked at it, it looks pretty fine to me.

Any additions from your side @lukpueh @SantiagoTorres ?

shibumi avatar Mar 18 '21 21:03 shibumi

It is ready to go! But still lots of work to do.

https://github.com/boxboat/in-toto-golang

We also presented at the KubeSec, and the recent SPIFFE/SPIRE community day.

There are some specification changes that needed to happen to support certificate authority verification. We are going to need to make an ITE to get it upstreamed -- my current goal is to get the ITE ready before KubeCon EU. Lots of other good work in our fork. Let's discuss what pieces you would like to see upstreamed at the next community meeting.

colek42 avatar Mar 19 '21 18:03 colek42

SPIRE support has been in in-toto-golang for some time now; somehow this issue went unnoticed.

adityasaky avatar May 04 '23 15:05 adityasaky