Implement Credential Caching #75

Merged
merged 11 commits into from
Jun 23, 2022

@wlynch wlynch commented Jun 16, 2022

Summary

This introduces a socket based credential cache to allow caching of keys
so that users do not need to go through the OIDC flow multiple times
for batch operations (e.g. rebases).

Credentials are keyed to git working directories so that different repos can
cache different identities, and credentials are never directly stored to disk.

Signed-off-by: Billy Lynch [email protected]

Ticket Link

Fixes #21

Release Note

Adds gitsign-credential-cache: an optional credential cache for reusing keys for multiple signing requests.

@wlynch wlynch requested a review from imjasonh June 21, 2022 21:15
imjasonh previously approved these changes Jun 22, 2022

@znewman01 znewman01 left a comment

LGTM! Only blocking comment is about permissions of the socket
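
The socket-permission concern raised in this review, together with the in-memory, per-working-directory cache from the PR description, as an added Go example that is not gitsign's own code. `Entry`, `Cache`, `Listen`, the `cache.sock` file name and the choice of `net/rpc` are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/rpc"
	"os"
	"sync"
)

type Entry struct{ WorkDir string; Key []byte } // hypothetical wire type: key for one git working directory
type Cache struct{ m sync.Map }                 // process memory only; nothing is written to disk

func (c *Cache) Store(e Entry, _ *bool) error {
	c.m.Store(e.WorkDir, e.Key)
	return nil
}
func (c *Cache) Get(workDir string, key *[]byte) error {
	if v, ok := c.m.Load(workDir); ok {
		*key = v.([]byte)
		return nil
	}
	return fmt.Errorf("no credential cached for %s", workDir)
}

// Listen serves a Cache on dir/cache.sock. dir must exist and be dedicated to
// the cache: it is forced to 0700 before bind, then the socket is set to 0600.
func Listen(dir string) (net.Listener, error) {
	if err := os.Chmod(dir, 0o700); err != nil {
		return nil, err
	}
	l, err := net.Listen("unix", dir+"/cache.sock")
	if err != nil {
		return nil, err
	}
	if err := os.Chmod(l.Addr().String(), 0o600); err != nil { // owner-only socket
		l.Close()
		return nil, err
	}
	srv := rpc.NewServer()
	srv.Register(&Cache{})
	go srv.Accept(l)
	return l, nil
}

func main() {
	dir, _ := os.MkdirTemp("", "credcache") // constructed demo location
	l, err := Listen(dir)
	fmt.Println(l != nil, err)
}
```

Binding inside a directory that is already mode 0700 means other local users cannot reach the socket during the interval between `bind` and `chmod`, when it still carries umask-derived permissions.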

- Return CertSignerVerifier
- Move static values to const
- Use XDG_CACHE_DIR for user data directory.

Signed-off-by: Billy Lynch <[email protected]>
@wlynch wlynch requested a review from znewman01 June 23, 2022 16:01
@wlynch wlynch requested a review from imjasonh June 23, 2022 20:21

@imjasonh imjasonh left a comment

Let's do it!

When this goes in I'll try it out for a few days and see if anything breaks. 🤞

@imjasonh imjasonh merged commit 0fb71e6 into sigstore:main Jun 23, 2022

Successfully merging this pull request may close these issues.

Batch signing support