Workload ID: Revocation/CRL Support #51504

Open
strideynet opened this issue Jan 27, 2025 · 0 comments · May be fixed by #52353
strideynet commented Jan 27, 2025

  • Support revoking X509 SVIDs issued by Workload Identity
    • For now, serial number via tctl
  • Distributing CRL via SPIFFE
    • Do we need optional ability to distribute upstream CRL as we do for external PKI?
  • Publish CRL via endpoint

Ideally, the ability to expire CRL entries along with certificate expiry would be useful.

RE: Roles Anywhere:

Callbacks to CRL Distribution Points (CDPs) or Online Certificate Status Protocol (OCSP) endpoints are not supported.

strideynet added the c-mzz (Internal Customer Reference), feature-request (Used for new features in Teleport, improvements to current should be #enhancements) and machine-id labels Jan 27, 2025
strideynet self-assigned this Feb 3, 2025
strideynet linked a pull request Feb 20, 2025 that will close this issue
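
The request above to expire CRL entries along with certificate expiry, sketched as an added example (not code from Teleport or from this issue): `BuildCRL` drops revocations whose SVID has already expired before signing the list. The `Revocation` record, `NewDemoCA`, the one-hour `NextUpdate` and the throwaway Ed25519 CA are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type Revocation struct { // hypothetical record: a CRL entry plus the revoked SVID's expiry
	x509.RevocationListEntry
	NotAfter time.Time
}

func NewDemoCA(now time.Time) (*x509.Certificate, ed25519.PrivateKey, error) { // throwaway CA, constructed for this example
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "demo-ca"}, NotBefore: now,
		NotAfter: now.Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCRLSign}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, nil, err
	}
	ca, err := x509.ParseCertificate(der) // the parsed copy carries the generated SubjectKeyId
	return ca, key, err
}

// BuildCRL signs a DER CRL (Go 1.21+ API) that omits entries whose certificate has already expired.
func BuildCRL(ca *x509.Certificate, key ed25519.PrivateKey, revs []Revocation, num int64, now time.Time) ([]byte, error) {
	crl := &x509.RevocationList{Number: big.NewInt(num), ThisUpdate: now, NextUpdate: now.Add(time.Hour)}
	for _, r := range revs {
		if !now.After(r.NotAfter) { // keep the entry until the SVID itself stops validating
			crl.RevokedCertificateEntries = append(crl.RevokedCertificateEntries, r.RevocationListEntry)
		}
	}
	return x509.CreateRevocationList(rand.Reader, crl, ca, key)
}

func main() {
	ca, key, err := NewDemoCA(time.Now())
	if err == nil {
		_, err = BuildCRL(ca, key, nil, 1, time.Now())
	}
	fmt.Println("demo CRL signed, err:", err)
}
```

Pruning at exactly `NotAfter` assumes relying parties share the issuer's clock; keeping entries for a short grace period past expiry tolerates skew.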