Alexander Scheel

@grzegorz-sz See #168 for where CI pipelines are currently -- ~I think `scripts/dist.sh` will need to change and we'll need to remove dependence on `hashicorp/actions-packaging-linux` perhaps.~ The `build` action is...

@DemiMarie said: >> It would be up to the client (i.e., the daemon trying to self-request a certificate) to re-issue the request with the same parameters, which means you still...

### Summary Allow OpenBao to self-manage TLS certificates for its listener via the ACME protocol, similar to Caddy's automated certificate management. This would align OpenBao with server projects like Caddy,...

@dependabot rebase

[age](https://github.com/FiloSottile/age) is one of the better choices here I think, as we could use GitHub to pull down SSH keys and encrypt to those. JWTs could be interesting, but it...

@nf-brentsaner I understand that; it was meant as an alternative to the existing keybase support, which AFAIK, is not a requirement but an alternative to explicit PGP keys. This could...

I think these are two separate discussion topics, do you mind splitting them into two?

Closing as more discussion has gone on in #300. PKCS#11 support has been proposed in go-kms-wrapping if you'd like to try it out!

@joewxboy This is for CI/CD and local testing of third-party integrations, not (just) for pulling our own images we publish. I don't _think_ open source classification was sufficient as I'd...

> SPIFFE authentication is not like normal mTLS. The certificate lifetimes tend to be very short, and authentication is based on attributes of the certificate, such as the SPIFFE ID...