Skip to content

Instantly share code, notes, and snippets.

@mkulke

mkulke/secret_key_release.md

Created May 24, 2023 14:34
Show Gist options
  • Save mkulke/560e5db6f7dfd7b368d14fe385effcf5 to your computer and use it in GitHub Desktop.
Save mkulke/560e5db6f7dfd7b368d14fe385effcf5 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
secret_key_release.md

Get the secret from KBS via AA

Install grpcurl:

cd $(mktemp -d)
curl -LO https://github.com/fullstorydev/grpcurl/releases/download/v1.8.7/grpcurl_1.8.7_linux_x86_64.tar.gz
tar -xvzf grpcurl_1.8.7_linux_x86_64.tar.gz
sudo mv grpcurl /usr/local/bin

Download the proto file:

curl -LO https://raw.githubusercontent.com/confidential-containers/attestation-agent/main/protos/getresource.proto

Get the secret from KBS but by talking to the AA, adjust KBS_URI accordingly:

export KBS_URI="http://127.0.0.1:8080"
grpcurl -proto getresource.proto -plaintext -d @ 127.0.0.1:50001 getresource.GetResourceService.GetResource <<EOM | jq -r .Resource | base64 -d
{
  "ResourcePath": "/my_repo/resource_type/123abc",
  "KbcName":"cc_kbc",
  "KbsUri": "$KBS_URI"
}
EOM
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment