spire
The SPIFFE Runtime Environment
When it comes to multi-tenancy and spire, there are not so many options to support that. One can go with nested spire servers architecture, however, starting a dedicated spire...
Partially-fixes: https://github.com/spiffe/spire/issues/5896
**Pull Request check list** - [x] Commit conforms to CONTRIBUTING.md? - [ ] Proper tests/regressions included? - [x] Documentation updated? **Description of change** Allows the spire-agent to rebootstrap itself if...
I'm trying to create a variation of the `tpmdevid` plugin that instead of requiring you to provide a DevID and an already signed DevID certificate up front (which just moves the...
**Pull Request check list** - [x] Commit conforms to CONTRIBUTING.md? - [x] Proper tests/regressions included? - [x] Documentation updated? **Affected functionality** Added functionality in `aws_iid` node attestor, optionally enabled, to...
Currently, we only have configured the `k8sbundle` Notifier plugin in our Kubernetes integration tests. We should also exercise the `k8s_configmap` BundlePublisher plugin, as the `k8sbundle` Notifier plugin will be deprecated...
Is there appetite to support IRSA (IAM role for service account) with the s3 bundle publisher? It currently supports accessKeyId - secretAccessKey combo. The KMS keyManager plugin already does IRSA....
### Detailed Information: We have encountered an issue with `aws_mysql` and `aws_postgres` on AWS EC2 instances where `IMDSv2` is required. The error message we received is: ``` time="2025-05-29T17:31:37Z" level=error msg="Server...
- Upgrade `golangci-lint` to the latest version, v2.1.6. - Migrate to new config file format as required with v2. - Run `golangci-lint` via `go run` not `go tool`; the docs...
Enables specifying SPIFFE_ENDPOINT_SOCKET to the non-run subcommands of the spire-agent. partially-fixes: https://github.com/spiffe/spire/issues/5770