You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -53,7 +53,7 @@ In some cases it might be desirable for SPIRE to avoid being exposed to a signin
SPIRE comes with a set of built-in Key Manager plugins for the [Server](/docs/latest/deploying/spire_server/) and [Agent](/docs/latest/deploying/spire_agent/).
Note that the Key Manager is *not* provided with contextual metadata about the signing operation that it is performing (e.g., X.509 Certificate Signing Request). The SPIRE server performs any necessary policy evaluation on the signing request itself, and hands hashed data to the Key Manager plugin that is used as an input for creating a signature. This means that a Key Manager plugin cannot be developed for the means of performing evaluation of the request outside of the SPIRE server (e.g., Certificate Authority (CA) service in the case of X.509). The Upstream Authority plugin is the single method of integration between SPIRE and external CA's.
Note that the Key Manager is **not** provided with contextual metadata about the signing operation that it is performing (e.g., X.509 Certificate Signing Request). The SPIRE server performs any necessary policy evaluation on the signing request itself, and hands hashed data to the Key Manager plugin that is used as an input for creating a signature. This means that a Key Manager plugin cannot be developed for the means of performing evaluation of the request outside of the SPIRE server (e.g., Certificate Authority (CA) service in the case of X.509). The Upstream Authority plugin is the single method of integration between SPIRE and external CA's.
