Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
refactor: attestation uses key providers to generate/retrieve keys
instead of directly supporting signing key backup service, attestation now supports fetching keys via generic key providers. Currently 3 providers are implemented:

* embed
* backup
* get (fetches full key via API)

In the future we can add more providers such as querying keys from secret manager/etc.

In order to achieve that there is top-level attestation object now:

```
attestation {
  key_provider: "get" # picks which provider to use

  # configure providers
  attestation_key_embed {...}
  attestation_key_backup {...}
  attestation_key_get {...}
}
```

Each provider supports their set of fields such as external providers might require to configure `auth` which will use existing `auth_config`s.

To make the code simpler to follow as well as to make UX simpler some changes:

* `chalk setup` does not prompt for password anymore. To import existing key password needs to be supplied via `CHALK_PASSWORD` env var.
* there are no more `chalk setup load` and `chalk setup gen` subcommands. There is only a single `chalk setup` which either loads key if the provider supports that or generates new key, again if provider supports that. This allowed to remove a lot of complexity in the key loading logic.
* all provider logic is in attestation/<provider>.nim
* to avoid name conflict attestation.nim was renamed to attestation_api.nim which also matches plugin_api.nim
* attestation_api.nim now:
  * handles key retrieval/generation via provider
  * implements logic to sign/verify signatures (not refactored)
Showing 31 changed files with 1,355 additions and 1,135 deletions.