salrashid123
FR to support encryption/decryption using TPM based keys. With this, you can encrypt and decrypt data only with the _same_ TPM. For example, this is encryption/decryption using `tpm2_tools` (cpp), and...
Currently there is no easy way to acquire an `id_token` for a service account that was impersonated. For example, if you run an application as SA1 but you would like...
FR to provide an API to create and verify google OIDC tokens. These `id_tokens` are based on service account type flows (service_account.json, compute engine, impersonated credentials) and can be used...
This is a longer term FR: At the moment, the build and test steps require gcc, make, nodejs. However, those are only needed if you want to deploy with functions.zip or...
Suggest using [execve](http://man7.org/linux/man-pages/man2/execve.2.html) instead of execv so that users can set and launch a runtime which may require specific .so files or other env variables. For example: ```cc char...
FR to support importing HMAC key and using it via PKCS11, e.g., with SoftHSM, I'd define something like the [following](https://github.com/tpm2-software/tpm2-tools/issues/1597) to import an external HMAC key: ```golang hmacKeyTemplate := []*pkcs11.Attribute{...
Attempting to use `server.VerifyAttestation` using the snippet provided below [server.VerifyAttestation](https://pkg.go.dev/github.com/google/[email protected]/server#VerifyAttestation) fails on debian 10 with ``` gcloud compute instances create shielded-sb --zone=us-central1-a --machine-type=e2-medium --no-service-account --no-scopes \ --create-disk=auto-delete=yes,boot=yes,device-name=shielded-sb,image=projects/debian-cloud/global/images/debian-10-buster-v20211104,mode=rw,size=10,type=projects/mineral-minutia-820/zones/us-central1-a/diskTypes/pd-balanced \ --shielded-vtpm --shielded-secure-boot...
`JWTAccess` clients not used with pubsub The following snippet constructs a jwtaccess token client and then tries to apply that as an `authClient` to pubsub ```javascript const {GoogleAuth, JWTAccess, OAuth2Client}...
id tokens set the format to `full` always which may include a lot of extra information in the token, e.g. the gce instanceid, zone, etc, see https://github.com/googleapis/google-auth-library-nodejs/issues/792#issuecomment-575188336 and described [here](https://cloud.google.com/compute/docs/instances/verifying-instance-identity#token_format)...
The experimental sts credential support calls an external HTTP server using default certificate store and TLSConfigurations https://github.com/grpc/grpc-go/blob/master/credentials/sts/sts.go#L195-L204 This prevents using this credential type with an STS server that returns [Certificate...