Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFC] Should be able to configure key-server from Issuer #7

Open
avalluri opened this issue Feb 7, 2022 · 1 comment
Open

[RFC] Should be able to configure key-server from Issuer #7

avalluri opened this issue Feb 7, 2022 · 1 comment

Comments

@avalluri
Copy link
Contributor

avalluri commented Feb 7, 2022

In case of provisioning the CA key and root certificate from a key-server using quote attestation, the key server URL and credentials could be able to configure from the Issuer sepecification:

apiVersion: tcs.intel.com/v1alpha1
kind: TCSIssuer
metadata:
    name: my-ca
    namespace: sandbox
spec:
    secretName: my-ca-cert
    keyServer:
      url: https://test-kmra-server.com:433
      secretRef: server-secret  // credentials to access the server
@avalluri
Copy link
Contributor Author

avalluri commented Feb 7, 2022

This also needs changes to QuoteAttestation CRD to accommodate the key server details.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@avalluri