-
Notifications
You must be signed in to change notification settings - Fork 98
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kes: add support for API key authentication #340
base: master
Are you sure you want to change the base?
Conversation
2e9ab7a
to
af404e0
Compare
case config.APIKey != nil: | ||
cert, err = kes.GenerateCertificate(config.APIKey) | ||
if err != nil { | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we return the error here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor comment. Also how to verify the changes?
internal/keystore/kes/kes.go
Outdated
if config.PrivateKey == "" { | ||
return nil, errors.New("kes: no private key provided") | ||
if config.APIKey != nil && (config.PrivateKey != "" || config.Certificate != "") { | ||
return nil, errors.New("kes: ambiguous configuration: API key as well as mTLS private key and certificate provided") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
API key as well as mTLS private key and/or certificate provided
?
af404e0
to
effeabc
Compare
This commit adds support for KES<->KES authentication via API keys. Now, a KES edge server can authenticate to a KES server (stateful) via API keys - not just via TLS private key / certificate files. Signed-off-by: Andreas Auernhammer <[email protected]>
effeabc
to
2170223
Compare
Please resolve the conflict and add steps for verification. I feel we can add a wiki for the this mechanism of API keys authentication, right? |
@aead PTAL |
This commit adds support for KES<->KES authentication via API keys. Now, a KES edge server can authenticate to a KES server (stateful) via API keys - not just via TLS private key / certificate files.