tking/guildhouse-spire-plugins
SHA256
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
guildhouse-spire-plugins/deploy
History
Tyler J King f0268305ae docs(spire): revocation cascade timing + Keylime SPIRE server config 
Document the trust withdrawal cascade:
  Keylime breach → posture degraded → sessions downgraded
  → SPIRE re-attestation fails → SVIDs expire
  → service mTLS fails → quorum degrades

No new code for the cascade — it's emergent from existing
re-attestation behavior + the Keylime attestor plugin.
SPIRE federation handles cross-edge propagation through
standard certificate expiration.

Three timing profiles: Standard (~1hr), Enhanced (~15min),
Critical (~5min) with SVID TTL configuration guidance.

Example SPIRE server config with Keylime attestor + k8s_psat
fallback for nodes without hardware TPM.

Signed-off-by: Tyler King <tking@guildhouse.dev>
Signed-off-by: Tyler J King <tking727@gmail.com>
2026-04-15 20:36:00 -04:00
..
cascade-timing.md docs(spire): revocation cascade timing + Keylime SPIRE server config 2026-04-15 20:36:00 -04:00
kustomization.yaml Initial scaffolding: specs, plugins, pkg/shellstream 2026-02-18 10:47:09 -05:00
spire-agent-config.yaml Remediate all 17 audit findings from AUDIT.md 2026-02-18 11:45:33 -05:00
spire-server-config.yaml Remediate all 17 audit findings from AUDIT.md 2026-02-18 11:45:33 -05:00
spire-server-keylime.yaml docs(spire): revocation cascade timing + Keylime SPIRE server config 2026-04-15 20:36:00 -04:00