package spire.common

Get desktop application:
View/edit binary Protocol Buffers messages

* A type which contains attestation data for specific platform.

• string type = 1

  * Type of attestation to perform.

• bytes data = 2

  * The attestation data.

Represents an attested SPIRE agent

• string spiffe_id = 1

  Node SPIFFE ID

• string attestation_data_type = 2

  Attestation data type

• string cert_serial_number = 3

  Node certificate serial number

• int64 cert_not_after = 4

  Node certificate not_after (seconds since unix epoch)

• string new_cert_serial_number = 5

  Node certificate serial number

• int64 new_cert_not_after = 6

  Node certificate not_after (seconds since unix epoch)

• repeated Selector selectors = 7

  Node selectors

• bool can_reattest = 8

  CanReattest field (can the attestation safely be deleted and recreated automatically)

• bool attestation_data_type = 1

• bool cert_serial_number = 2

• bool cert_not_after = 3

• bool new_cert_serial_number = 4

• bool new_cert_not_after = 5

• bool can_reattest = 6

• string trust_domain_id = 1

  * the SPIFFE ID of the trust domain the bundle belongs to

• repeated Certificate root_cas = 2

  * list of root CA certificates

• repeated PublicKey jwt_signing_keys = 3

  * list of JWT signing keys

• int64 refresh_hint = 4

  * refresh hint is a hint, in seconds, on how often a bundle consumer should poll for bundle updates

• uint64 sequence_number = 5

  * sequence number is a monotonically increasing number that is incremented every time the bundle is updated

• bool root_cas = 1

• bool jwt_signing_keys = 2

• bool refresh_hint = 3

• bool sequence_number = 4

• bool x509_tainted_keys = 5

* Certificate represents a ASN.1/DER encoded X509 certificate

Used in: Bundle

• bytes der_bytes = 1

• bool tainted_key = 2

* Represents an empty message

(message has no fields)

* PublicKey represents a PKIX encoded public key

Used in: Bundle

• bytes pkix_bytes = 1

  * PKIX encoded key data

• string kid = 2

  * key identifier

• int64 not_after = 3

  * not after (seconds since unix epoch, 0 means "never expires")

• bool tainted_key = 4

  * whether the key is tainted

* A list of registration entries.

• repeated RegistrationEntry entries = 1

  * A list of RegistrationEntry.

* This is a curated record that the Server uses to set up and manage the various registered nodes and workloads that are controlled by it.

Used in: RegistrationEntries

• repeated Selector selectors = 1

  * A list of selectors.

• string parent_id = 2

  * The SPIFFE ID of an entity that is authorized to attest the validity of a selector

• string spiffe_id = 3

  * The SPIFFE ID is a structured string used to identify a resource or caller. It is defined as a URI comprising a “trust domain” and an associated path.

• int32 x509_svid_ttl = 4

  * Time to live for X509-SVIDs generated from this entry. Was previously called 'ttl'.

• repeated string federates_with = 5

  * A list of federated trust domain SPIFFE IDs.

• string entry_id = 6

  * Entry ID

• bool admin = 7

  * whether the workload is an admin workload. Admin workloads can use their SVID's to authenticate with the Server APIs, for example.

• bool downstream = 8

  * To enable signing CA CSR in upstream spire server

• int64 entryExpiry = 9

  * Expiration of this entry, in seconds from epoch

• repeated string dns_names = 10

  * DNS entries

• int64 revision_number = 11

  * Revision number is bumped every time the entry is updated

• bool store_svid = 12

  * Determines if the issued SVID must be stored through an SVIDStore plugin

• int32 jwt_svid_ttl = 13

  * Time to live for JWT-SVIDs generated from this entry, if set will override ttl field.

• string hint = 14

  * An operator-specified string used to provide guidance on how this identity should be used by a workload when more than one SVID is returned.

• int64 created_at = 15

  * Time of creation, in seconds from epoch

* The RegistrationEntryMask is used to update only selected fields of the RegistrationEntry

• bool selectors = 1

• bool parent_id = 2

• bool spiffe_id = 3

• bool x509_svid_ttl = 4

• bool federates_with = 5

• bool entry_id = 6

• bool admin = 7

• bool downstream = 8

• bool entryExpiry = 9

• bool dns_names = 10

• bool store_svid = 11

• bool jwt_svid_ttl = 12

• bool hint = 13

* A type which describes the conditions under which a registration entry is matched.

Used in: AttestedNode, RegistrationEntry, Selectors

• string type = 1

  * A selector type represents the type of attestation used in attesting the entity (Eg: AWS, K8).

• string value = 2

  * The value to be attested.

* Represents a type with a list of Selector.

• repeated Selector entries = 1

  * A list of Selector.