add todo
salrashid123 committed Oct 4, 2023
1 parent 6f804d5 commit 0409059
Showing 2 changed files with 11 additions and 1 deletion.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -6,7 +6,7 @@ While not running on a GCP platform like GCE, Cloud Run, GCF or GKE, `Service Ac

You can see why here in the protocol itself: [Using OAuth 2.0 for Server to Server Applications](https://developers.google.com/identity/protocols/oauth2/service-account#authorizingrequests). Basically service account authentication involves locally signing a JWT using a registered private key and then exchanging the JWT for an `access_token`.

What this repo offers is a way to generate the JWT while the RSA key is embedded on a `PKCS-11` aware device like an `HSM`, `TPM` or even a `Yubikey`.
What this repo offers is a way to generate the JWT while the RSA key is embedded on a TPM and then use it to issue GCP `access_tokens`

(you can also import an external RSA to a device to the same effect but its more secure to have an unexportable key that'll never leave hardware).

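Review bot: The replacement sentence "What this repo offers is a way to generate the JWT while the RSA key is embedded on a TPM and then use it to issue GCP `access_tokens`" drops the terminating period and puts the plural inside the code span; the token name in the protocol text two lines above is `access_token`, so write it as `access_token`s or "access tokens" and end the sentence. The narrowing from "a `PKCS-11` aware device like an `HSM`, `TPM` or even a `Yubikey`" to a TPM only also leaves the unchanged parenthetical "(you can also import an external RSA to a device ...)" referring to a generic device; reword it to "to the TPM" so the README is consistent about what hardware the key is bound to, and fix "its more secure" to "it's more secure" while touching that line.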
10 changes: 10 additions & 0 deletions TODO.md
@@ -0,0 +1,10 @@
## TODO's

* Load from files

instead of persistent handles, use loadable keys from file.

see: [go-tpm-tools#349](https://github.com/google/go-tpm-tools/issues/349)

and [chained keys](https://github.com/salrashid123/tpm2/tree/master/context_chain)

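Review bot: The TODO item gives no reason for preferring loadable key files over persistent handles, so a reader cannot judge whether this is a convenience change or a security one; add one sentence stating the motivation (for example that the key stays TPM-bound as a sealed file while avoiding the limited, globally visible persistent-handle slots) next to the two links. Structurally, "instead of persistent handles, use loadable keys from file." and the two "see:" links are detached paragraphs under a single bullet; indent them under "* Load from files" so they render as that item's body, and capitalize the sentence. The heading "## TODO's" should be "## TODO" or "## TODOs" (no possessive apostrophe).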