`keyserv` is a little utility I wrote to dispense *age* keys to clients. It uses SSH certificates for authentication. If the client presents an SSH certificate signed by a trusted key, the server will return all the keys the principal(s) listed in the certificate are allowed to use. The response is encrypted with the public key from the certificate, so the client must have access to the corresponding private key in order to read the response. I am currently using this server to provide keys for the new configuration policy. The keys herein are used to encrypt NUT monitor passwords.
22 lines
448 B
YAML
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keyserv
  labels:
    app.kubernetes.io/name: keyserv
    app.kubernetes.io/component: keyserv
    app.kubernetes.io/part-of: keyserv
spec:
  ingressClassName: nginx
  rules:
  - host: keyserv.pyrocufflink.blue
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: keyserv
            port:
              name: keyserv
```