by difc 142 days ago
Thanks! Currently network identity is host-based, but in the middle of introducing SPIFFE based on ZTunnel. Should be done in the next couple of days.

Runtime enforcement means that any side effects are routed through a proxy (nucleus-tool-proxy) that does real-time checks on permissions and gates the behavior.

SPIFFE for MicroVM agents is a compelling idea and I'll update when this is ready.