At the moment both pub and private keys sit in the adapter config. While it's okay for the pub key to be there, we should find a better home for the private key---think raising the bar for security. Figure out if Istio Citadel could help here or should we rather use K8s secrets/tmpfs volumes? Any other options?
The advantage of adapter config storage is access speed and caching. We should consider these two factors too when scratching around for a solution.
I would go for the more docker/k8s solution, to make it easier to understand in the first run. If we face performance issues, we should have it in mind.
If my memory serves me well, K8s secret volumes get mounted on a tmpfs which is normally RAM-backed. So key lookup should be darn fast... well, at least that's the theory, time will tell :-)
gboege changed the title from "IDSA keys storage" to "IDSA keys storage in k8s secrets" on Jan 21, 2020
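The claim in the thread that a secret volume lands on tmpfs can be checked from inside the container rather than assumed. The sketch below is an added example, not code from this project: it resolves which mount holds the key file and flags a key that is not on tmpfs or is readable beyond its owner. The mount path `/etc/idsa/keys`, the file names and the sample mount table are assumptions constructed for illustration.

```python
import os
import stat

# Constructed sample of /proc/mounts as seen inside a pod. The secret volume
# mount point /etc/idsa/keys is hypothetical.
SAMPLE_MOUNTS = """\
overlay / overlay rw,relatime 0 0
tmpfs /dev tmpfs rw,nosuid 0 0
/dev/sda1 /etc/hosts ext4 rw,relatime 0 0
tmpfs /etc/idsa/keys tmpfs ro,relatime 0 0
"""

def _unescape(field):
    # /proc/mounts octal-escapes space, tab, newline and backslash.
    for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(esc, ch)
    return field

def fs_type_for(path, mounts_text):
    """Filesystem type of the mount containing path (longest mount point wins)."""
    path = os.path.normpath(path)
    best_len, best_type = -1, None
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        mount_point = os.path.normpath(_unescape(parts[1]))
        prefix = mount_point if mount_point.endswith("/") else mount_point + "/"
        # Match on whole path components so /etc/idsa/keysX is not treated
        # as living under /etc/idsa/keys.
        if (path == mount_point or path.startswith(prefix)) and len(mount_point) >= best_len:
            best_len, best_type = len(mount_point), parts[2]
    return best_type

def key_storage_problems(path, mounts_text, mode=None):
    """List reasons the private key at path is stored more loosely than intended."""
    problems = []
    fstype = fs_type_for(path, mounts_text)
    if fstype != "tmpfs":
        problems.append(f"{path} is on {fstype}, not tmpfs")
    if mode is None:
        mode = os.stat(path).st_mode  # follows the symlinks K8s uses in secret volumes
    if stat.S_IMODE(mode) & 0o077:
        problems.append(f"{path} mode {stat.S_IMODE(mode):04o} is readable beyond the owner")
    return problems

if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        for problem in key_storage_problems("/etc/idsa/keys/private.pem", fh.read()):
            print(problem)
```

Secret volume files default to mode 0644 unless `defaultMode` is set on the volume, so the permission check is expected to fire on an untuned mount.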