Is your feature request related to a problem? Please describe.
Currently, the Kritis signer binary only accepts a policy file that resides on the local filesystem. In the context of Kritis Signer being containerized (i.e. most cases), the policy file must be "baked" into the container image. This becomes problematic when multiple unique policies are required (maybe due to differing security sensitivity of workloads being analyzed/signed). In this case, it requires creating multiple Kritis signer container images, each with a custom baked-in policy file.
Describe the solution you'd like
Provide the option of pulling the policy.yaml from an external location, for example GCS. For example using the command line option: "-policy=gs://bucket/path/policy.yaml", with the binary detecting a GCS path and pulling the policy accordingly.
Describe alternatives you've considered
Requires building multiple kritis signer images with the policy.yaml baked in.
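One way the `-policy` value from the request above could be classified before any fetch is attempted, as an added example that is not part of the original issue and not Kritis code. The `PolicySource` type and `ParsePolicyFlag` function are hypothetical names; the sketch assumes only local paths and `gs://` URLs are acceptable and fails closed on anything else, so a mistyped or unexpected location never silently changes which policy the signer enforces.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// PolicySource describes where a policy file lives (hypothetical type, not from Kritis).
type PolicySource struct {
	GCS    bool   // true when the value is a gs:// URL
	Bucket string // GCS bucket name (empty for local files)
	Path   string // GCS object name, or local filesystem path
}

// ParsePolicyFlag classifies the value passed to -policy: no scheme means a
// local path, gs:// is split into bucket and object, other schemes are rejected.
func ParsePolicyFlag(v string) (PolicySource, error) {
	if v == "" {
		return PolicySource{}, errors.New("empty policy location")
	}
	if !strings.Contains(v, "://") {
		return PolicySource{Path: v}, nil
	}
	u, err := url.Parse(v)
	if err != nil {
		return PolicySource{}, fmt.Errorf("invalid policy location: %w", err)
	}
	if u.Scheme != "gs" {
		return PolicySource{}, fmt.Errorf("unsupported policy scheme %q", u.Scheme)
	}
	object := strings.TrimPrefix(u.Path, "/")
	if u.Host == "" || object == "" || strings.HasSuffix(object, "/") {
		return PolicySource{}, errors.New("gs:// location needs bucket and object")
	}
	if u.User != nil || u.RawQuery != "" || u.Fragment != "" {
		return PolicySource{}, errors.New("gs:// location must not carry userinfo, query or fragment")
	}
	return PolicySource{GCS: true, Bucket: u.Host, Path: object}, nil
}

func main() {
	// Constructed sample values; the gs:// one is the example given in the issue.
	for _, v := range []string{"/etc/kritis/policy.yaml", "gs://bucket/path/policy.yaml", "http://example.com/policy.yaml"} {
		src, err := ParsePolicyFlag(v)
		fmt.Printf("%-40s -> %+v err=%v\n", v, src, err)
	}
}
```

The returned bucket and object would then be handed to whatever GCS client the signer uses; that fetch is outside this sketch.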