// SSH Credential Composer — SPIRE CredentialComposer plugin.
//
// Intended to run in SPIRE Server and intercept SVID minting to generate SSH
// certificates with Shellstream governance extensions, handling both SSH
// certificate creation and governance metadata injection in a single plugin.
//
// Not yet implemented: main currently prints a notice to stderr and exits with
// status 1.
package main
import (
"fmt"
"os"
)
// main is a placeholder entry point: the plugin is not implemented yet, so it
// reports that on stderr and exits with status 1 instead of serving requests.
//
// Planned flow once go-plugin serving is wired to the SPIRE CredentialComposer
// interface (TODO):
//  1. Receive the SVID minting request from SPIRE Server.
//  2. Generate an SSH certificate with the SPIFFE ID as principal.
//  3. Encode the Shellstream extensions (sat-scope, tenant-id, roles, etc.).
//  4. Sign the certificate with the SSH CA key.
//  5. Return the composed credential.
//
// NOTE(review), points to settle when the steps above are implemented:
//   - Principal and extension values should be derived from the identity
//     SPIRE Server has already attested, not from requester-controlled fields.
//   - OpenSSH verifiers ignore certificate extensions they do not recognise,
//     so sat-scope/tenant-id/roles only restrict access where the verifying
//     side explicitly parses and enforces them.
//   - The certificate validity window should be bounded; tying it to the SVID
//     lifetime keeps the two credentials from drifting apart.
//   - The SSH CA key is the trust anchor for every host that accepts these
//     certificates; how the plugin loads and holds it needs its own review.
func main() {
	const notice = "ssh-credential-composer: SPIRE CredentialComposer plugin (not yet implemented)"

	fmt.Fprintln(os.Stderr, notice)

	// Exit non-zero so whatever launched the binary sees a failure rather than
	// a plugin that appears to start but never composes a credential.
	os.Exit(1)
}