How does CA rotation after a leaked talosconfig work?
#12540
-
|
Hello, I am researching rotating CAs in Talos for my organization, and I don't understand one part. If a motivation for rotating CAs could be a leaked Is it correct to say that if an attacker acquired |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
If a malicious actor got access to admin-level So yes, they can rotate the CA before you have access to the cluster locking you out, or they could try to stay undetected. CA rotation ensures that whoever had A better option is to use Omni which never exposes client certificates to the user and acts as an authentication proxy which is tied into the identity provider e.g. via SAML. This problem doesn't exist with Omni. |
Beta Was this translation helpful? Give feedback.
If a malicious actor got access to admin-level
talosconfig, they effectively have control over the cluster, it's no different than leakingrootpassword on a traditional UNIX system.So yes, they can rotate the CA before you have access to the cluster locking you out, or they could try to stay undetected.
CA rotation ensures that whoever had
talosconfigin the past, they can't access Talos API anymore.A better option is to use Omni which never exposes client certificates to the user and acts as an authentication proxy which is tied into the identity provider e.g. via SAML. This problem doesn't exist with Omni.