[Discussion] Certificate Tool #98
Comments
Having some sort of tool to set up the certificates, used mostly by IIS, which for example we install using certutil.exe, but that could also be set up via a command line like the following, would be great.
Generally speaking, guidance on how to replace certificates on production systems without using tools like cert-manager (AKS for example) would be great to have somewhere in the docs, as you have to figure it out on your own today.
@israelvaldez We hope to solve this by releasing Certificate Tool which would install and manage certificates and also deal with certificate rotation. As we've been exploring this issue, we also thought about having a bootstrapper tool to serve as an entry point into the container, invoke tools like Certificate Tool, and then de-escalate privilege, but this idea needs further exploration.
Has there been any progress on this discussion? It would be very useful for applications that perform client certificate auth - we can't bake certs into images, and a proxy sidecar would be challenging.
@pl4nty We're still working on this but can't share a timeline currently. We'd be interested to dive deeper into the use cases and requirements you would have for this tool.
@lucillex thanks. I doubt this container is a supported scenario, but it's the best public example I have. It's a similar scenario to Azure AD App Proxy and presumably the other M365 on-prem agents (user provisioning etc.).
Process-isolated containers are an isolation mode of containers that have loose sandbox capabilities, in the sense that they do not have serviceable security boundaries. The containers are isolated in that they share different network stacks, trace trees, and certificate stores, but the sandboxing capabilities are not strong enough that someone cannot intentionally or unintentionally get past the sandbox and access other containers being hosted on the same VM.
Containers have two default users that they can run as - container user and container administrator. The container user is a low-privilege mode that can do a lot less than a container administrator. However, a container administrator user is almost like an administrator on the underlying host, because the container kernel is shared with the underlying VM kernel.
Generally, admin privileges are mostly needed at startup, when the service needs to read/set registry settings, access the certificate store, download and install certificates, and configure monitoring agents. We've heard from customer engagements that having a tool for Windows Containers to handle processes that need to be done with higher-level privileges, such as certificate installation, before dropping to low privilege would provide value to users.
We would love to hear your feedback on this.
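A concrete shape for the startup step described in the thread, as an added example that is not part of this discussion or of the project's own code: a hypothetical PowerShell entrypoint that runs as ContainerAdministrator, imports a PFX that is mounted at run time rather than baked into the image (assumed path C:\secrets\app.pfx, PFX password in an assumed environment variable APP_PFX_PASSWORD, optional thumbprint pin in APP_CERT_THUMBPRINT), grants the low-privilege ContainerUser read access to the private key, scrubs the secret material, and then starts the application (assumed path C:\app\app.exe). The hand-off to a lower-privilege user is exactly what the thread leaves open, so this script launches the application as the same user; the part it does show is the "do the privileged certificate work once at startup, then nothing else needs admin" pattern.

```powershell
# entrypoint.ps1 - hypothetical Windows container entrypoint (added example, not project code).
# Assumptions: runs as ContainerAdministrator; the PFX is mounted at run time at $PfxPath;
# the PFX password is injected through the environment variable named by $PasswordEnvVar.
param(
    [string]$PfxPath            = 'C:\secrets\app.pfx',      # assumed mount point
    [string]$PasswordEnvVar     = 'APP_PFX_PASSWORD',        # assumed env var name
    [string]$ExpectedThumbprint = $env:APP_CERT_THUMBPRINT,  # assumed optional pin
    [string]$AppExe             = 'C:\app\app.exe',          # assumed application path
    [string]$StoreLocation      = 'Cert:\LocalMachine\My'
)
$ErrorActionPreference = 'Stop'

# Idempotent start: if the pinned certificate is already in the store (e.g. a restart
# after a previous successful import), skip straight to launching the application.
if ($ExpectedThumbprint -and (Test-Path (Join-Path $StoreLocation $ExpectedThumbprint))) {
    Write-Host "Certificate $ExpectedThumbprint already installed, skipping import."
    & $AppExe
    exit $LASTEXITCODE
}

if (-not (Test-Path $PfxPath)) { throw "PFX not found at $PfxPath" }
$pw = [Environment]::GetEnvironmentVariable($PasswordEnvVar)
if ([string]::IsNullOrEmpty($pw)) { throw "Environment variable $PasswordEnvVar is not set" }
$securePw = ConvertTo-SecureString -String $pw -AsPlainText -Force

# The import into the machine store is the step that requires administrator rights.
$cert = Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation $StoreLocation -Password $securePw

# Reject a swapped or wrong file: compare against the thumbprint we were told to expect.
if ($ExpectedThumbprint -and ($cert.Thumbprint -ne $ExpectedThumbprint)) {
    Remove-Item (Join-Path $StoreLocation $cert.Thumbprint) -Force
    throw "Thumbprint mismatch: got $($cert.Thumbprint), expected $ExpectedThumbprint"
}

# Give ContainerUser read access to the private key file so an application running as the
# low-privilege user can use the certificate. The key lives under ProgramData\Microsoft\Crypto;
# CNG and CAPI keys expose their on-disk name through different properties.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
$keyName = if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $rsa.Key.UniqueName
} else {
    $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}
$keyFile = Get-ChildItem -Path (Join-Path $env:ProgramData 'Microsoft\Crypto') -Recurse -File -Filter $keyName |
    Select-Object -First 1
if (-not $keyFile) { throw "Private key file $keyName not found on disk" }
icacls $keyFile.FullName /grant 'ContainerUser:(R)' | Out-Null

# Once the certificate is in the store, the PFX and its password are no longer needed;
# remove them so they are not readable by anything that runs later in the container.
Remove-Item -Path $PfxPath -Force
[Environment]::SetEnvironmentVariable($PasswordEnvVar, $null)

Write-Host "Installed certificate $($cert.Thumbprint) ($($cert.Subject)), launching application."
& $AppExe
exit $LASTEXITCODE
```

The same import can be done with the tool the opening comment mentions (`certutil.exe -f -p <password> -importpfx <file>`); Import-PfxCertificate is used here only because it returns the certificate object that the thumbprint check and key-permission step need. The script deliberately does not try to change user before launching the application, since a supported way to de-escalate inside a Windows container is what the proposed bootstrapper would have to provide.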