Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork0
Provides agent and server plugins for SPIRE to allow Tailscale node attestation.
License
jsiebens/spire-tailscale-plugin
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
⚠️ this node attestation plugin relies on a Tailscale OIDC id-token feature, which is marked as Work-in-Progress and may not be available for everyone yet.
This repository contains agent and server plugins forSPIRE to allowTailscale node attestation.
Before starting, create a running SPIRE deployment and add the following configuration to the agent and server.The agents should be running on a Tailscale node, with version>= 1.24.0.
NodeAttestor"tailscale" {plugin_cmd="/path/to/plugin_cmd"plugin_checksum="sha256 of the plugin binary"plugin_data {domain_allow_list=["example.com" ] }}
NodeAttestor"tailscale" {plugin_cmd="/path/to/plugin_cmd"plugin_checksum="sha256 of the plugin binary"plugin_data { }}
This plugin automatically attests instances using the Tailscale OIDC Token (a Tailscale feature still in WIP), and operates as follows:
- Agent fetches a Tailscale OIDC token from the local
tailscaledagent - Agent sends the token to the server
- Server validates the token.
- Server creates a SPIFFE ID in the form of
spiffe://<trust_domain>/spire/agent/tailscale/<hostname> - All done!
About
Provides agent and server plugins for SPIRE to allow Tailscale node attestation.
Topics
Resources
License
Uh oh!
There was an error while loading.Please reload this page.
Stars
Watchers
Forks
Sponsor this project
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.