Hacker News
by
cssx
4073 days ago
You can solve this by having a bootstrapping process that issues the appropriate credentials when bringing up a new server.
1 comment
donavanm
4073 days ago
And how do you trust the identity of the new server/instance during bootstrapping?
link
0x44
4072 days ago
You could leverage the TPM and some version of remote attestation and only permit key-requests from attested machines. Alternatively (or concurrently), you could PXE boot all devices with a parameterized shared-secret individualized for each node.
link
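A sketch of the second option in the comment above (a shared secret individualized per node and handed over at PXE boot), added here as an example and not code from anyone in the thread. The class, function names, and the HMAC challenge-response flow are assumptions for illustration; the TPM remote-attestation path is not modeled.

```python
import hashlib
import hmac
import secrets


class BootstrapIssuer:
    """Hypothetical key-request gate: one individualized secret per node."""

    def __init__(self, master_key: bytes):
        self._master = master_key
        self._pending = {}    # node_id -> outstanding challenge nonce
        self._issued = set()  # node_ids that already received a credential

    def node_secret(self, node_id: str) -> bytes:
        # Value the provisioning side would place in that node's PXE boot
        # parameters. Derived per node, so a leak exposes only that node.
        label = b"pxe-bootstrap|" + node_id.encode()
        return hmac.new(self._master, label, hashlib.sha256).digest()

    def challenge(self, node_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[node_id] = nonce
        return nonce

    def issue(self, node_id: str, proof: bytes):
        nonce = self._pending.pop(node_id, None)  # each challenge is single-use
        if nonce is None or node_id in self._issued:
            return None  # replayed proof, or node already bootstrapped
        expected = hmac.new(self.node_secret(node_id), nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):  # constant-time compare
            return None
        self._issued.add(node_id)
        return secrets.token_bytes(32)  # stand-in for the real credential


def node_proof(node_secret: bytes, nonce: bytes) -> bytes:
    # Runs on the booting node: proves possession of the secret without sending it.
    return hmac.new(node_secret, nonce, hashlib.sha256).digest()
```

The sketch only shows that a request is tied to one node's secret and one challenge; how the PXE parameters are protected in transit is left open, as it is in the thread.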