Jason Vanderhoof

I'd actually recommend making the changes in the `DB::Repository::AuthenticatorRepository` class. If we updated the initializer and the `find_all` method to something like: ```ruby module DB module Repository class AuthenticatorRepository def...

@dataplex, @whip113 - I've been looking into this issue today. I have a potential fix, but it skirts a design issue: a host factory token can enroll a created host...

As containers are intended to be a single process, they don't support environment variable reloading. I agree with Ger's comment above. We should focus on enabling authenticators to be added...

Do we run tests using `RAILS_ENV=production`, or `RAILS_ENV=development`? If it's the latter, a simple next step could be to run tests using `production`. I believe that's how Conjur is run...

@telday, I was playing with this a bit on Friday and before we get this in, we need to standardize the URLs to conform both to our current authenticator standards,...

@gl-johnson, after some digging through the OpenID Connect gem, I think there's a simple option to enable CAs. OpenID Connect includes the ability to pass configuration to the underlying Faraday...

As Faraday has a `proxy` configuration, it's also possible the Faraday configuration approach could be used to support the Faraday proxy configuration: https://lostisland.github.io/faraday/#/customization/proxy-options

I like the approaches summarized in this document. _I'm adding this comment here as it's related to the CA configuration, but this should NOT be part of this effort._ Longer...

A couple of question and things I feel like are missing from this design: - Does the Kubernetes community include any guidance/expected interface/etc. for Secret Providers? I'm assuming a gRPC...

@doodlesbykumbi, After reviewing the video, I have a much better sense of the approach of this work. That being said, I'd really like to see us expand this document to...