add support for jwt-svid #43
Comments
What's the use case for this?
A lot of web services that accept oidc for auth could benefit from this I think? Say, using spiffe-helper along with curl and minio to fetch some files.
In my case it is to be able to use sigstore with keyless signing from a tekton pipeline. In order to do keyless signing one must be able to integrate sigstore-fulcio with an OIDC provider. When signing from a workload, this could be done with a jwt-svid. Using a tekton task with the spiffe-helper as a sidecar to retrieve the svid-jwt document would streamline the process.
What worries me here is how to persist it....
Multiple files is better. The client doesn't want to parse these formats, just mount a string useful as authentication header. Our use case is watching a mounted volume in a pod. When the file changes, we'll update our local copy of jwt when preparing remote requests. On server side, we need bundle to verify jwt signature. JWKS should be a separate file to make loading that easier. Think of how users will consume these files.
client: 3 files
bundle.txt
svid.json
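The client-side pattern described in the comment above (re-read the mounted JWT when the file changes, then use it as an authentication header), as an added example that is not part of the original thread or of spiffe-helper. The class and helper names are hypothetical, and it assumes the mounted file holds only the compact JWT string; the `exp` check is a client-side freshness guard, not signature verification.

```python
import base64
import json
import os
import time


class JWTFileSource:
    """Caches a JWT read from a file and reloads it when the file is replaced."""

    def __init__(self, path, leeway=30):
        self.path = path      # assumption: file contains just the compact JWT
        self.leeway = leeway  # stop using the token this many seconds before exp
        self._sig = None      # (inode, mtime_ns, size) of the file last loaded
        self._token = None
        self._exp = 0

    @staticmethod
    def _read_exp(token):
        # Decode the payload only to read `exp`; this does not verify anything.
        parts = token.split(".")
        if len(parts) != 3:
            raise ValueError("not a compact JWS")
        pad = "=" * (-len(parts[1]) % 4)
        return int(json.loads(base64.urlsafe_b64decode(parts[1] + pad))["exp"])

    def _reload_if_changed(self):
        st = os.stat(self.path)  # follows symlinks, so atomic swaps are noticed
        sig = (st.st_ino, st.st_mtime_ns, st.st_size)
        if sig != self._sig:
            with open(self.path, encoding="ascii") as f:
                token = f.read().strip()
            # Parse before committing, so a bad write never replaces a good token.
            self._exp = self._read_exp(token)
            self._token, self._sig = token, sig

    def auth_header(self, now=None):
        self._reload_if_changed()
        now = time.time() if now is None else now
        if now >= self._exp - self.leeway:
            raise RuntimeError("JWT on disk is expired or about to expire")
        return {"Authorization": "Bearer " + self._token}


def make_sample_jwt(exp):
    # Constructed sample token with a fake signature, for demonstration only.
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    claims = {"sub": "spiffe://example.org/workload", "aud": ["minio"], "exp": exp}
    header = enc(json.dumps({"alg": "ES256", "typ": "JWT"}).encode())
    return f"{header}.{enc(json.dumps(claims).encode())}.{enc(b'constructed')}"
```

The server side still has to verify the signature against the trust bundle; this sketch only keeps a client from sending a stale token.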
Came across this issue while looking for an easy way to get a JWT in my workload to support the OIDC AWS use case.
@keeganwitt Will review the associated PR and get it merged soon.
Note: created #112 related to this change.
No description provided.