spire icon indicating copy to clipboard operation
spire copied to clipboard

Published 20 hours ago verified publisher icon spiffe

Proposed Bundle Publisher destinations and formats

Open azdagron opened this issue 1 year ago • 5 comments

Please comment below for others that should be considered.

  • [ ] K8s Secret (PEM,JWKS,SPIFFE)
  • [ ] K8s ConfigMap (PEM,JWKS,SPIFFE)
  • [ ] K8s Webhook (PEM)
  • [ ] K8s Service (PEM)
  • [ ] AWS S3 (PEM,JWKS,SPIFFE)
  • [ ] Google Cloud Storage (PEM,JWKS,SPIFFE)

azdagron avatar Mar 30 '23 19:03 azdagron

Hello @azdagron, can I get a little primer on bundle publisher vs notifier. I have an S3 notifier plugin I'm going to publish a PR for hopefully soon.

EItanya avatar Jul 14 '23 12:07 EItanya

Hi @EItanya, the plan is to depreciate the Notifier plugin interface in favor of the BundlePublisher interface. Please see #2909 for more details. Unfortunately, we don't really plan to add new Notifier plugins at this time. We already have support for BundlePublisher plugins in SPIRE, and I have an aws_s3 plugin PR mostly ready to be submitted, so we should have that support soon.

amartinezfayo avatar Jul 14 '23 13:07 amartinezfayo

Oh ok, thanks so much for the context!

EItanya avatar Jul 14 '23 22:07 EItanya

also publishing the bundle to "K8s Secret" or "AWS secret manager" can helm if you publish it to regular secret , we can use pushSecret crd of external secret in order to sync with AWS secret manager/ Vault etc...

ahoze-r7 avatar Dec 12 '23 16:12 ahoze-r7

Maybe azure blob as well

kfox1111 avatar Jan 23 '24 14:01 kfox1111