by
lemagedurage
52 days ago
That works on a single persistent box, but unfortunately, that means giving up on autoscaling, which is not so nice for cloud applications.
otabdeveloper4
51 days ago
You can proxy the UNIX socket to a network server if you want to. You can even use SSL encryption at all times too.
lmz
51 days ago
Once it's networked you lose the "whitelist of systemd services" and it's then no different from any networked secret store.
otabdeveloper4
51 days ago
No, this is a solved problem:
https://spiffe.io/
You can do service attestation securely, even for networked services.
burnished
48 days ago
Nice. Really grateful for your participation in this comment tree.