Lucas Käldström: I spoke with a SPIFFE maintainer about something similar the other day. He prototyped an example of the token equivalent here github.com/spiffe/k8s-s... I wrote in my thesis that it'd be fun to see how far retrofitting SPIFFE into k8s would go in practice.

See full post

Micah Hausler micahhausler.com · May 9, 2025
Cool idea I don't have time for: use AWS's Nitro TPM for Kubernetes node authentication. Get an instance to sign some material with it's TPM, and verify it from the K8s API by retrieving the public endorsement key. docs.aws.amazon.com/AWSEC2/lates...
Retrieve the public endorsement key for an EC2 instance - Amazon Elastic Compute CloudRetrieve the public endorsement key for an EC2 instance - Amazon Elastic Compute Cloud

Learn how to securely retrieve the public endorsement key for an Amazon EC2 instance.

docs.aws.amazon.com

View on Bluesky Show all post labels
Lucas Käldström luxas.dev
I spoke with a SPIFFE maintainer about something similar the other day. He prototyped an example of the token equivalent here github.com/spiffe/k8s-s... I wrote in my thesis that it'd be fun to see how far retrofitting SPIFFE into k8s would go in practice.
GitHub - spiffe/k8s-spiffe-workload-auth-config

Contribute to spiffe/k8s-spiffe-workload-auth-config development by creating an account on GitHub.

github.com
Jul 1, 2025 08:38
0 reposts 0 quotes 0 likes

View on Bluesky Show all post labels

An unhandled error has occurred. Reload 🗙