Envoy JWT Auth Helper

[gadinaor-r7]

Looking at the tutorials - https://spiffe.io/docs/latest/microservices/envoy-jwt/readme/#about-envoy-jwt-auth-helper

There is a reference to Envoy JWT Auth Helper and a reference to this docker image us.gcr.io/scytale-registry/envoy-jwt-auth-helper

      - name: auth-helper
        image: us.gcr.io/scytale-registry/envoy-jwt-auth-helper@sha256:e55ce5fd42f13c5475b285a848c5f83bc4a335a93d7f934d3ac884920045fc96
        imagePullPolicy: IfNotPresent
        args:  ["-config", "/run/envoy-jwt-auth-helper/config/envoy-jwt-auth-helper.conf"]
        ports:
        - containerPort: 9011
        volumeMounts:
        - name: envoy-jwt-auth-helper-config
          mountPath: "/run/envoy-jwt-auth-helper/config"
          readOnly: true
        - name: spire-agent-socket
          mountPath: /run/spire/sockets
          readOnly: true

Where is the source code of this image ?

[evan2645]

Hmm, we may have lost this source .. I am surprised that the registry is still online, since Scytale no longer exists.

If you're looking for an example of how to do this, here is one you can reference: https://github.com/github/emissary

As for tracking down the source and/or updating the reference to something else, I've opened spiffe/spiffe.io#234 would be great to get your thoughts there on what you'd like to see happen.

[gadinaor-r7]

@evan2645 thanks Evan - I am familiar with github/emissary - I would guess that the Scytale example is simpler :)

[evan2645]

Sorry about that @gadinaor-r7

I can't speak to the complexity around building the envoy extension and serving its api, but in terms of all the SPIFFE related things you will need to do in such an extension, perhaps this helps?

https://github.com/spiffe/go-spiffe/tree/main/v2/examples/spiffe-jwt

Attach to workload api, use it to mint JWT-SVIDs or use it to validate them... simple example there, but no envoy bits