npm
Sign UpSign In

ts-spiffe
TypeScript icon, indicating that this package has built-in type declarations

1.0.7-beta-14 • Public • Published

Spiffe-TypeScript

Secure Production Identity Framework for Everyone

Setup

Setup Spire Server

  • Download Spire from Spiffe.io
  • Follow the instructions on the website to run a Spire Server & Agent on your machine, but for a quick start
    • open the root of the directory your spire folder in a window
    • in another window, copy the conf files from SpireConfig from this repo over to the conf/server and conf/agent folders
    • find the Spire Root CA (crt and key files) that was created for server.fs.com trust domain in the SpireConfig folder , copy that to conf/server in the Spire folder
  • Now run the following commands (only tested this on MacOS)
./bin/spire-server run -config conf/server/server.conf && \
token=$(echo ./bin/spire-server token generate -spiffeID spiffe://server.fs.com/myagent | grep -o -E '[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}') && \
./bin/spire-agent run -config conf/agent/agent.conf -joinToken "$token" && \
./bin/spire-server entry create -parentID spiffe://server.fs.com/myagent -spiffeID spiffe://server.fs.com/myworkload -selector unix:uid:501 && \
./bin/spire-server entry create -parentID spiffe://server.fs.com/myagent -spiffeID spiffe://server.fs.com/myworkload2 -selector unix:uid:501 &

This will start Spire server for server.fs.com trust domain, get a join token for your agent to connect, start the agent with the join token, register this workload (the integrated tests to run as the workload) You will see logs in your terminal from the spire agent and server, if the tests fail, it could be your unix socket or attestation of the unit test process uid:501. You'll have to read the Spiffe.io website to get help

What does it do

The goal here is to provide a simple means to:

  1. Initiate mTLS connections using this workload's SVID that has been requested from the Spire Agent
  2. Get x509 bundles that allow this workload to verify the remote service's SVID is valid and can be trusted (during handshake)
  3. Get a JWT using this workload's SVID that has been requested from the Spire Agent to call a service that can't use mTLS
  4. Validate a JWT from a caller service, so this workload can attest the caller has the right claims to use this workload

What's it intended for

This project is intended to be a library to abstract the complexity of working with Spiffe, so we can implement simple queries into any chosen framework, to authenticate and validate all callers into the workload protected by Spiffe

Prerequisites

Protoc Gen (TypeScript)

npm i protoc-gen-ts

GRPC Tools

npm install -g grpc-tools

Protobuf

MacOS

brew install protobuf

Linux

apt install -y protobuf-compiler

How to run

clone the source code
Pull all the dependencies
npm install
Build the classes for Protobuf
npm run genproto
Run all tests
npm run test
Run unit tests
npm run test:unit
Run integration tests
npm run test:integration

Readme

Keywords

Package Sidebar

Install

npm i ts-spiffe

Repository

github.com/andyfurnival/spiffe-library

Homepage

github.com/andyfurnival/spiffe-library#readme

Weekly Downloads

519

Version

1.0.7-beta-14

License

SEE LICENSE IN <filename>

Unpacked Size

883 kB

Total Files

252

Last publish

Collaborators

  • andy.furnival
Try on RunKit
Report malware