Peyton Walters
Where is it implemented? I don't see anything about execing in a specific container.
Ah I see. I still think that a command that did the exec with the Docker api like [the current exec command](https://github.com/testcontainers/testcontainers-go/blob/master/docker.go#L233) but also returned the output from the command...
Awesome. Let me polish it off, and I'll PR.
Yup I'm open to using an `io.Reader` as the return type. If we're using a reader, do we still want to wait to return until the exec is done, or...
I like the TPM quote idea, and generation and verification are already built into existing TPM libraries. Should mean that the actual verification logic won't be too hard to write...
Ah gotcha. Are there any other ideas on how to store public keys? If not, this is blocked until that interface gets implemented.
This information would need to be updated whenever a new machine needs to be provisioned. This is relatively frequent - at least a few times an hour. This is why I'm...
AFAIK, any unprivileged user being able to access the TPM is very uncommon, so I think it's safe to re-attest by default and optionally disable re-attestation. That plan sounds like...
That all looks good to me. As far as SPIFFE ID goes, I'm hesitant to support something like manufacturer or serial number unless there's a way to consistently get that information...
Actually, after looking at an EK cert a little bit more, I realized we could use the serial number field in the cert. We'd have to combine this with the...