Initial commit

philips-labs · Aug 25, 2021 · 5fa3bee · 5fa3bee
commit 5fa3bee
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 0 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,15 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+trim_trailing_whitespace = true
+insert_final_newline = true
+indent_size = 2
+tab_width = 2
+indent_style = space
+
+[*.go]
+indent_size = 4
+tab_width = 4
+indent_style = tab
diff --git a/README.md b/README.md
@@ -0,0 +1,12 @@
+# SPIFFE Vault
+
+Integrates [SPIFFE][spiffe] SVID authentication with [Hashicorp Vault][hashivault] to retrieve a `VAULT_TOKEN`.
+
+## Example usecases
+
+- Read secrets from Hashicorp Vault [Hashicorp Vault][hashivault] without providing a secret to authenticate against [Hashicorp Vault][hashivault]. Instead we will be using a [SPIFFE][spiffe] SVID to authenticate ourself against [Hashicorp Vault][hashivault].
+
+- Perform secretless/keyless code signing by utilizing the [Hashicorp Vault Transit engine](https://www.vaultproject.io/docs/secrets/transit) as a software defined HSM. This resolves the issue of having signing keys on a local machine as well resolves the issue of managing secrets to access the signing keys. Again we utilize the [SPIFFE][spiffe] SVID to authenticate against Hashicorp Vault.
+
+[hashivault]: https://vaultproject.org "hashicorp Vault"
+[spiffe]: https://spiffe.io "SPIFFE"