Make bootstrapping SSF easier (e.g. generating and storing keys) #42
Labels
enhancement
New feature or request
Comments
|
Is it faster to restore from backup or just regenerate keys and resign everything with new keys? |
|
We need both a dev answer and production answer. |
|
We just need to keep repaving of the SSF quick, e.g. generating new keys, rebuilding images, etc. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
The problem is when someone runs this the first time they have to generate their own keys. If they are using a local k8s like minikube or kind, if it crashes they potentially lose their keys if they're not stored right.
Additionally we need a way of bootstrapping SSF for a real demo or test environment as well.
Same goes for Vault keys.
How should we generate and store keys such that in case of a failure during dev work users don't have to generate all new keys each time.
Is there a way to encrypt and secure the keys for backup purposes in an easy way.
A reason why we might want backups is if we are signing our artifacts and validating them, if we lose our keys it means we need to rebuild and resign everything again, even when doing dev work.
Either we need a way of backing up the keys, or a way of quickly rebuilding, resigning everything. Key management is hard :(
The text was updated successfully, but these errors were encountered: