gRPC plugin API for signers #4761

matt-allan · 2026-04-29T13:35:25Z

matt-allan
Apr 29, 2026

I read through #1907 and #1020 which discuss adding a gRPC API for connectors. I think that would be great. I'm wondering if a gRPC plugin API would make sense for the Signer interface too.

My only option right now for signing keys is to either store the key material in the database or use Vault. I would prefer to use my cloud's KMS or secret manager. A gRPC API would allow adding the signer without pulling cloud vendor SDKs into Dex. The main downside is the user has to run a sidecar service.

Config would be something like this:

signer:
  type: grpc
  config:
    addr: 127.0.0.1:5557
    tlsCert: examples/grpc-client/server.crt
    tlsKey: examples/grpc-client/server.key
    tlsClientCA: examples/grpc-client/ca.crt

nabokihms · 2026-04-29T13:45:42Z

nabokihms
Apr 29, 2026
Maintainer

Hi @matt-allan, we are investigating the right way to plug connectors / storages to Dex. The latest idea was described in #4578

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

gRPC plugin API for signers #4761

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

gRPC plugin API for signers #4761

Uh oh!

matt-allan Apr 29, 2026

Replies: 1 comment

Uh oh!

nabokihms Apr 29, 2026 Maintainer

matt-allan
Apr 29, 2026

nabokihms
Apr 29, 2026
Maintainer