Provide a SPIFFE CLI utility in this repository #23
Comments
Perhaps:
Maybe some of the functionality from the SPIRE OIDC provider can live here too?
One case I'd be interested in is supporting processes without native workload support. I'm thinking the user-interaction might look something like this:
The spiffe tool would write out temp files (ideally, to somewhere like a tmpfs that's relatively secure) and exec the tool with the templated parameters filled in. Lots of bikeshedding to do on the details, and at least in the above case I'd probably want a wrapper shell script (I'd call it spiffe-mysql or something) so folks don't have to type it out. That would work with tools like curl, mysql, etc -- anything that takes a cert bundle, client cert, and key as files. Maybe a flag to send a signal to the child on update, too?
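The flow described in the comment above (write the credentials to private temp files, then exec the tool with templated parameters), as an added Go example that is not part of the original thread or of any SPIFFE project's code. The `{cert}`/`{key}`/`{bundle}` placeholder syntax, the function names and the sample bytes are assumptions; fetching from the Workload API is replaced by constructed stand-ins.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
	"strings"
)

// materialize writes <name>.pem files (0600) into a fresh 0700 directory under base (ideally tmpfs).
func materialize(base string, blobs map[string][]byte) (string, error) {
	dir, err := os.MkdirTemp(base, "svid-") // "" falls back to os.TempDir()
	if err != nil {
		return "", err
	}
	for name, data := range blobs {
		if err := os.WriteFile(filepath.Join(dir, name+".pem"), data, 0o600); err != nil {
			os.RemoveAll(dir)
			return "", err
		}
	}
	return dir, nil
}

// expand fills the hypothetical {cert}, {key} and {bundle} placeholders in argv.
func expand(argv []string, dir string) []string {
	out := make([]string, len(argv))
	for i, a := range argv {
		for _, name := range []string{"cert", "key", "bundle"} {
			a = strings.ReplaceAll(a, "{"+name+"}", filepath.Join(dir, name+".pem"))
		}
		out[i] = a
	}
	return out
}

func main() {
	// Constructed stand-ins; a real tool would fetch these from the Workload API.
	blobs := map[string][]byte{"cert": []byte("CERT"), "key": []byte("KEY"), "bundle": []byte("BUNDLE")}
	dir, err := materialize("", blobs)
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir) // do not leave key material behind
	argv := expand([]string{"echo", "--cacert", "{bundle}", "--cert", "{cert}", "--key", "{key}"}, dir)
	out, err := exec.Command(argv[0], argv[1:]...).CombinedOutput()
	fmt.Printf("%s(err=%v)\n", out, err)
}
```

Passing a tmpfs path such as a per-user runtime directory as `base` keeps the key off persistent storage; rotation and signalling the child, as raised in the thread, are not covered here.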
There are a few ways you might want to specify the paths to files:
You may also want support for different file formats... e.g., our internal not-yet-spiffe software supported that set of file format options & that's given almost complete coverage of software we've run into.
Handling rotation:
This is basically a description of spiffe-helper, but I think it's helpful to re-state what the goals are for a larger tool.
There is a community need for a generalized SPIFFE CLI utility, with many useful features possible. Among them:
There are likely additional features that would fit well here (SPIFFE bundle fetching? Munging to type-specific bundles? etc). I would expect this utility to be fetchable/installable via typical Go workflow, and would also expect it to fully subsume the functionality currently implemented in https://github.com/spiffe/spiffe-helper