Support client certificates for service authentication #684
Comments
kichristensen
added a commit
to kichristensen/opa
that referenced
this issue
Oct 22, 2018
Adds support for usings client certificates to authenticate against service endpoints. It also enables users to allow insecure TLS connections to service endpoints. Fixes open-policy-agent#684 Signed-off-by: Kim Christensen <[email protected]>
tsandall
pushed a commit
that referenced
this issue
Oct 25, 2018
Adds support for usings client certificates to authenticate against service endpoints. It also enables users to allow insecure TLS connections to service endpoints. Fixes #684 Signed-off-by: Kim Christensen <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently the service client used for bundle downloading, status reporting, and decision log uploading only supports bearer tokens for authentication. Some users would prefer to rely on client certificates.
The credentials configuration could be extended to include a "client_tls" key:
Service clients are instantiated from configuration here. To implement this enhancement, we need to extend the client configuration defined earlier in that file with the client TLS parameters defined above. The validation step should load and parse files from disk (returning errors if necessary). In addition, the HTTP client used internally will need to configured with the TLS certificates.
The text was updated successfully, but these errors were encountered: