Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make project FIPS-compliant #113

Closed
1 task done
orenbm opened this issue Apr 17, 2020 · 0 comments · Fixed by #97
Closed
1 task done

Make project FIPS-compliant #113

orenbm opened this issue Apr 17, 2020 · 0 comments · Fixed by #97
Assignees
@orenbm
Milestone
PalmTree - sprint...

Comments

@orenbm
Copy link
Member

orenbm commented Apr 17, 2020

As described in the solution design we will use BoringCrypto to make the project FIPS-compliant.

This will be done by performing the following steps:

  • Replace the base image from golang to the corresponding goboring/golang . For example, golang:1.12 should turn into goboring/golang:1.12.17b4
  • Enable cgo by setting CGO_ENABLED=1 in the env
  • Verify that the authenticator binary uses the BoringCrypto libraries by running go tool nm authenticator and verifying that it has symbols named Cfunc__goboringcrypto

DoD:

  • conjur-authn-k8s-client is FIPS-compliant
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@orenbm orenbm

Labels
None yet
Milestone
PalmTree - sprint 2009
Development

Successfully merging a pull request may close this issue.

Build and publish a FIPS compliant image of conjur-authn-k8s-client cyberark/conjur-authn-k8s-client
1 participant
@orenbm