Comments (1)
Hello @marranz,
I'm not sure if you have already solved this yourself, but I recently played with BLESS and kmsauth.
-
The
user_type
has to be set touser
. A typeservice
is for two services to communicate with each other, and is used in Lyft's other projects that utilise kmsauth (like https://github.com/lyft/confidant). -
The
from
must be your AWS IAM username, which should be enforced by the IAM policy that grantskms:Encrypt
to your user. (https://github.com/lyft/python-blessclient#setup-a-kmsauth-key--policy-in-your-aws-account) -
kmsauth_remote_usernames_allowed
should only contain shared accounts. Anyone who has permission to invoke the BLESS lambda can also add these usernames to their certificate.
I found this guide useful when getting started. http://www.tastycidr.net/a-practical-guide-to-deploying-netflixs-bless-certificate-authority/
from bless.
Related Issues (20)
- Is Marshmellow<3 required to function? HOT 4
- Invalid Key length when using gpg-agent
- Is this project still under development HOT 1
- Ability to sign SSH certificate with SHA2 HOT 4
- hope
- Nonstandard SSH port HOT 1
- Add optional parameters HOT 3
- Optional parameter [kmsauth token] cannot be passed in HOT 3
- Are you guys aware of anything similar to this for Google Cloud Platform? HOT 2
- Amazonlinux make bug HOT 2
- Unable to login with the cert got from lambda function HOT 1
- make test fails on deprecated warnings [linting] HOT 5
- document `-m PEM` option to ssh-keygen
- .travis.yml: The 'sudo' tag is now deprecated in Travis CI
- Authorization with BLESS? HOT 1
- Support authentication with OpenID Connect HOT 4
- How to make the bastion transparent for users
- Add the possibility to use encrypted private key with KMS HOT 2
- Potential dependency conflicts between bless and boto3 HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bless.