adding further description of KeyManager #285
base: master
✅ Deploy Preview for spiffe ready!
fead5da to e46bc40
Hi @ChaosInTheCRD - Thank you for the PR! My day job is editing and writing software documentation, so here's my take on the wording. Someone else can review the meaning.
Signed-off-by: chaosinthecrd <[email protected]>
Signed-off-by: chaosinthecrd <[email protected]>
Co-authored-by: Steve Anderson <[email protected]> Signed-off-by: chaosinthecrd <[email protected]>
7bd517e to 789297e
Thanks for making the suggested changes!
Thank you @ChaosInTheCRD for this enhancement in the documentation.
While I think that a clarification about how the Key Manager operates is needed, I would probably word this a little differently because IMO it puts some negative emphasis that's not the intent of the section.
Let me discuss this with the SPIRE maintainers team and get back here with the feedback.
Thanks again!
Hey! No problem, it wasn't my intention to make anything sound negative, just to draw a line between what the key manager is and what the upstream authority is
Description of the change
I began some work to try and make a KeyManager plugin that handed off signing to a CA service in the hope that said service could make policy decisions based on the SVID being presented (e.g., X.509 Certificate Signing Request). Of course this does not work, and I misled myself. I am hopeful that this PR will make it more clear for others that hope to do the same thing.