mirror of
https://github.com/gravitational/teleport
synced 2024-10-20 17:23:22 +00:00
bfbb71734d
feat: add GCP KMS support for Teleport CA key material

This commit implements support for GCP KMS as a backend for CA operations in Teleport. This is able to take advantage of much of the infrastructure that we have already created for HSM support, and simply appears as a new backend for the private key material. The necessary configuration parameters include only the name of the KMS keyring to use, and the protection level (which can be HSM or SOFTWARE). These are configured in the teleport.yaml directly, in a new section under the existing `ca_key_params` used for HSM configuration. The GCP credentials are expected to be provided to the Teleport auth server via the [Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc). This means that it "just works" if the auth server is running on a GCP compute instance with the correct attached role, and you can run tests locally by authenticating with `gcloud auth login`. This does not support Teleport Cloud, as our current HSM support does not, because the Auth server needs the configuration and the access to the GCP account. That would be a larger effort probably requiring a new Teleport service.
| File |
|---|
| .. |
| jwk.go |
| jwt.go |
| jwt_test.go |
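As an added illustration, not part of the commit above or of the Teleport repository, the following is a `teleport.yaml` fragment of the shape the commit message describes. The key names `gcp_kms`, `keyring` and `protection_level` beneath `ca_key_params` are assumed from the description rather than taken from the page, and the project, location and key ring values are placeholders.

```yaml
# Added example, not from the Teleport repository. The key names under
# ca_key_params (gcp_kms, keyring, protection_level) are assumed from the
# commit message; project/location/keyRing values are placeholders.
auth_service:
  enabled: true
  ca_key_params:
    gcp_kms:
      # Fully qualified Cloud KMS key ring resource name. The auth server's
      # ADC identity must be allowed to create and use keys in this ring.
      keyring: "projects/my-project/locations/us-central1/keyRings/teleport-ca"
      # HSM: private key material never leaves a Cloud HSM.
      # SOFTWARE: cheaper, but the key is held in KMS software only.
      protection_level: "HSM"
# No GCP credentials appear in this file. The auth server obtains them via
# Application Default Credentials: the attached service account on a GCE
# instance, or `gcloud auth login` / GOOGLE_APPLICATION_CREDENTIALS locally.
```

Two practical checks follow from the commit message: the auth server itself must hold the GCP access (which is why this does not apply to Teleport Cloud), and the protection level is a deliberate choice; for a CA key, `HSM` is the setting that keeps the private material inside hardware, while `SOFTWARE` gives up that property.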