in-toto-golang
Abstract PKI with SPIRE
We would like to use SPIRE to provide the PKI to in-toto. This would give us the ability to tie build to hardware security modules, or cloud meta-data in a predictable way through the SPIRE plugin system. I am opening this ticket to start a discussion on how the implementation should look.
@colek42 sorry for the long time delay. Do you have anything to 'show' already? I see that you guys open PRs sometimes. It gives a good hint and as far as I had a look on it, it looks pretty fine for me.
Any additions from your side @lukpueh @SantiagoTorres ?
It is ready to go! But still lots of work to do
https://github.com/boxboat/in-toto-golang
We also presented at the KubeSec, and the recent SPIFFE/SPIRE community day.
There are some specification changes that needed to happen to support certificate authority verification. We are going to need to make an ITE to get it upstreamed -- my current goal is to get the ITE ready before KubeCon EU. Lots of other good work in our fork. Let's discuss what pieces you would like to see upstreamed at the next community meeting.
SPIRE support is in in-toto-golang for some time now, somehow this issue's gone unnoticed.