I am looking into methods to automatically let my Incus instances authenticate to OpenBao.
I think the holy-grail type solution would be if Incus acts as an OIDC provider providing signed tokens via the instance API, allowing a deployment scenario similar to: kubernetes | OpenBao
However, unless I am very mistaken, that is currently not possible or in development; at least I couldn’t find it documented or in a ticket.
So I am curious about two things:
- Anyone who can point me to other mechanisms for establishing instance identity that could work here?
- I may experiment a bit with getting it to work myself in the coming year. Would you guys be open to having something like this contributed eventually? Not anytime soon, to be clear.
Thanks