Initial bootstrap and other maintenance commands for keystone must rely on the service API instead of writing to the DB manually, bypassing control flows. It makes sense for keystone to also establish a Unix socket as an admin interface. This way there are:
- axum over http (public interface)
- axum over spiffe mtls (internal interface)
- raft over mtls (consensus raft, not usable by clients)
- axum over uds (admin interface)
This way an additional level of protection for certain functions can be achieved.
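
One way the admin Unix socket could be locked down with filesystem permissions, as an added example that is not keystone's code. It uses only the Rust standard library instead of axum, and the socket name `admin.sock`, the `bootstrap` command and all function names are assumptions.

```rust
use std::fs;
use std::io::{self, Read, Write};
use std::os::unix::fs::{DirBuilderExt, PermissionsExt};
use std::os::unix::net::{UnixListener, UnixStream};
use std::path::{Path, PathBuf};

/// Bind the admin socket in a 0700 directory so only the service user can reach it.
pub fn bind_admin_socket(dir: &Path) -> io::Result<(UnixListener, PathBuf)> {
    fs::DirBuilder::new().recursive(true).mode(0o700).create(dir)?;
    // create() honours the umask and leaves an existing directory untouched.
    fs::set_permissions(dir, fs::Permissions::from_mode(0o700))?;
    let path = dir.join("admin.sock"); // assumed socket name
    if let Err(e) = fs::remove_file(&path) {
        if e.kind() != io::ErrorKind::NotFound { return Err(e); } // stale socket is fine
    }
    let listener = UnixListener::bind(&path)?;
    fs::set_permissions(&path, fs::Permissions::from_mode(0o600))?;
    Ok((listener, path))
}

/// Hypothetical admin handler: reads one command, writes one reply line.
pub fn serve_one(listener: &UnixListener) -> io::Result<()> {
    let (mut stream, _) = listener.accept()?;
    let mut buf = [0u8; 64];
    let n = stream.read(&mut buf)?;
    let reply = match std::str::from_utf8(&buf[..n]).unwrap_or("").trim() {
        "bootstrap" => "ok: bootstrap accepted\n",
        _ => "error: unknown admin command\n",
    };
    stream.write_all(reply.as_bytes())
}

pub fn admin_call(path: &Path, cmd: &str) -> io::Result<String> {
    let mut s = UnixStream::connect(path)?;
    s.write_all(cmd.as_bytes())?;
    s.shutdown(std::net::Shutdown::Write)?;
    let mut out = String::new();
    s.read_to_string(&mut out)?;
    Ok(out)
}

fn main() -> io::Result<()> {
    let dir = std::env::temp_dir().join(format!("ks-admin-{}", std::process::id()));
    let (listener, path) = bind_admin_socket(&dir)?;
    let server = std::thread::spawn(move || serve_one(&listener));
    print!("{}", admin_call(&path, "bootstrap\n")?);
    server.join().unwrap()?;
    fs::remove_dir_all(&dir)
}
```

The 0700 parent directory matters because the socket file briefly exists with umask-derived permissions between `bind()` and the `chmod`.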