{"id":39113828,"url":"https://github.com/wirepact/k8s-pki","last_synced_at":"2026-01-17T20:01:24.764Z","repository":{"id":37047263,"uuid":"424392623","full_name":"WirePact/k8s-pki","owner":"WirePact","description":"The PKI for WirePact in Kubernetes.","archived":false,"fork":false,"pushed_at":"2024-05-22T23:04:35.000Z","size":1051,"stargazers_count":2,"open_issues_count":7,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2024-05-22T23:56:05.718Z","etag":null,"topics":["pki","wirepact"],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/WirePact.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-11-03T21:59:43.000Z","updated_at":"2024-05-27T22:47:04.390Z","dependencies_parsed_at":"2024-02-26T21:32:26.213Z","dependency_job_id":"dd8309b7-a7af-47d5-87af-982f52e907fb","html_url":"https://github.com/WirePact/k8s-pki","commit_stats":{"total_commits":400,"total_committers":4,"mean_commits":100.0,"dds":0.06000000000000005,"last_synced_commit":"7e0519d2f67389eede85753e35b8ef6b264f8703"},"previous_names":[],"tags_count":230,"template":false,"template_full_name":null,"purl":"pkg:github/WirePact/k8s-pki","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WirePact%2Fk8s-pki","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WirePact%2Fk8s-pki/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WirePact%2Fk8s-pki/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WirePact%2Fk8s-pki/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/WirePact","download_url":"https://codeload.github.com/WirePact/k8s-pki/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WirePact%2Fk8s-pki/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28517429,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T18:55:29.170Z","status":"ssl_error","status_checked_at":"2026-01-17T18:55:03.375Z","response_time":85,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["pki","wirepact"],"created_at":"2026-01-17T20:01:23.307Z","updated_at":"2026-01-17T20:01:24.736Z","avatar_url":"https://github.com/WirePact.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Kubernetes PKI for WirePact\n\nThis is the PKI for WirePact in Kubernetes.\n\nThe PKI is responsible to provide translators and other types of\nparticipants with key material used in WirePact to sign\nthe transmitted identity and to create the mTLS connection.\n\nRead about WirePact (aka Distributed Authentication Mesh) in\n[Distributed Authentication Mesh](https://buehler.github.io/mse-project-thesis-1/report.pdf)\nand [Common Identities in a Distributed Authentication Mesh](https://buehler.github.io/mse-project-thesis-2/report.pdf).\n\nThe operator will install a PKI it its own namespace in Kubernetes.\nTo communicate with the PKI, use the provided\n[proto file](./proto/pki.proto)\nto fetch the CA certificate as well as send a certificate signing\nrequest to the PKI.\nThe PKI supports authorization through a pre-shared API key.\nThe operator will create a random API key and configures the PKI\nwith API key by default. Thus, it is possible to expose the PKI\nto the public without risking unauthorized access.\n\nTo see an example (in rust), head over to the\n[example file](./examples/send_csr.rs).\n\n### Configuration\n\nThe PKI can be configured via environment variables or command line\narguments.\n\n- `PORT` (`-p --port \u003cPORT\u003e`): Defines the port that the PKI listens\n  to gRPC connections (Default: `8080`)\n- `SECRET_NAME` (`-s --secret-name \u003cNAME\u003e`): The name of the Kubernetes\n  secret, that stores the CA and the key (Default: `wirepact-pki-ca`)\n- `API_KEY` (`--api-key \u003cKEY\u003e`): The API key that is used to authorize all api calls.\n  If omitted, the PKI will not check the incoming requests for authorization.\n- `LOCAL` (`-l --local`): If set, the CA and\n  other elements of the key material gets\n  stored locally instead of in a Kubernetes secret\n- `DEBUG` (`-d --debug`): If set, debug log messages are emitted\n  by the PKI\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwirepact%2Fk8s-pki","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwirepact%2Fk8s-pki","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwirepact%2Fk8s-pki/lists"}