Fulcio OIDC Issuers
Definition
Fulcio OIDC Issuers are the OpenID Connect (OIDC) identity providers that the Fulcio Certificate Authority (CA) trusts to authenticate the identities for which it issues certificates. Fulcio is the CA of the Sigstore project, which aims to improve the security of software supply chains by providing a transparent and secure way to sign and verify software artifacts; it issues short-lived signing certificates bound to the identity asserted in an OIDC token. The configured issuer list is what decides whose tokens Fulcio will accept at all: a token from any provider not on the list is rejected, so only authenticated and authorized entities can obtain certificates from Fulcio.
Secure Settings Example
# Example configuration for a secure Fulcio OIDC issuer setup
fulcio:
  oidc_issuers:
    - name: "Google"
      issuer_url: "https://accounts.google.com"
      client_id: "your-google-client-id"
    - name: "GitHub"
      issuer_url: "https://github.com/login/oauth"
      client_id: "your-github-client-id"
  require_https: true
  allowed_audiences:
    - "sigstore"
Insecure Settings Example
# Example of an insecure Fulcio OIDC issuer setup
fulcio:
  oidc_issuers:
    - name: "ExampleIssuer"
      issuer_url: "http://example.com"   # Insecure: HTTP instead of HTTPS
      client_id: "example-client-id"
  require_https: false                   # Insecure: HTTPS not enforced
  allowed_audiences:
    - "*"                                # Insecure: Wildcard audience allows any audience
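The two settings above differ in exactly the properties a deployer can check mechanically before the CA goes live: every issuer URL uses HTTPS, HTTPS is enforced, and the audience list contains no wildcard. The following Python is an added example, not code from the Sigstore project or from this page; it mirrors the page's two YAML examples as constructed dictionaries (the key names follow this page, not Fulcio's real configuration schema), lints them against those three rules, and then shows the second half of the story: how a trusted-issuer list is applied to the `iss` and `aud` claims of an identity token whose signature has already been verified. The claim values used in the usage section are constructed.

```python
from urllib.parse import urlparse

# Constructed configurations mirroring the page's secure and insecure examples.
# The key names (fulcio, oidc_issuers, issuer_url, require_https, allowed_audiences)
# follow this page, not the real Fulcio configuration format.
SECURE_CONFIG = {
    "fulcio": {
        "oidc_issuers": [
            {"name": "Google", "issuer_url": "https://accounts.google.com",
             "client_id": "your-google-client-id"},
            {"name": "GitHub", "issuer_url": "https://github.com/login/oauth",
             "client_id": "your-github-client-id"},
        ],
        "require_https": True,
        "allowed_audiences": ["sigstore"],
    }
}

INSECURE_CONFIG = {
    "fulcio": {
        "oidc_issuers": [
            {"name": "ExampleIssuer", "issuer_url": "http://example.com",
             "client_id": "example-client-id"},
        ],
        "require_https": False,
        "allowed_audiences": ["*"],
    }
}


def lint_issuer_config(config):
    """Return a list of findings; an empty list means the config passes every check."""
    findings = []
    fulcio = config.get("fulcio", {})

    # Rule 1: transport to the issuer (discovery document, JWKS) must be TLS-protected.
    if not fulcio.get("require_https", False):
        findings.append("require_https is not enabled")

    # Rule 2: the audience list must be explicit; a wildcard accepts tokens minted
    # for any other service, so a token stolen elsewhere would work against the CA.
    audiences = fulcio.get("allowed_audiences", [])
    if not audiences:
        findings.append("allowed_audiences is empty")
    for aud in audiences:
        if "*" in aud:
            findings.append(f"wildcard audience {aud!r} accepts tokens issued for any service")

    # Rule 3: every issuer URL must itself be https and have a host; the URL is
    # also the exact string the token's iss claim must match.
    for issuer in fulcio.get("oidc_issuers", []):
        name = issuer.get("name", "<unnamed>")
        raw_url = issuer.get("issuer_url", "")
        url = urlparse(raw_url)
        if url.scheme != "https":
            findings.append(f"issuer {name}: issuer_url {raw_url!r} does not use https")
        if not url.netloc:
            findings.append(f"issuer {name}: issuer_url {raw_url!r} has no host")
        if not issuer.get("client_id"):
            findings.append(f"issuer {name}: missing client_id")
    return findings


def token_accepted(config, claims):
    """Apply the trusted-issuer list to the claims of a token whose signature was
    already verified against the issuer's published keys (that step is assumed to
    have happened before this function is called). Returns (accepted, reason)."""
    fulcio = config.get("fulcio", {})
    trusted = {i["issuer_url"] for i in fulcio.get("oidc_issuers", [])}
    if claims.get("iss") not in trusted:
        return False, "issuer not in trusted list"

    # The aud claim may be a single string or a list of strings.
    aud = claims.get("aud")
    presented = set(aud if isinstance(aud, list) else [aud])
    allowed = set(fulcio.get("allowed_audiences", []))
    if not allowed & presented:
        return False, "audience mismatch"
    return True, "ok"


if __name__ == "__main__":
    for label, cfg in (("secure", SECURE_CONFIG), ("insecure", INSECURE_CONFIG)):
        print(f"{label}: {lint_issuer_config(cfg) or 'no findings'}")
    # Constructed token claims, as they would look after signature verification.
    print(token_accepted(SECURE_CONFIG, {"iss": "https://accounts.google.com", "aud": "sigstore"}))
    print(token_accepted(SECURE_CONFIG, {"iss": "https://idp.example", "aud": "sigstore"}))
    print(token_accepted(SECURE_CONFIG, {"iss": "https://accounts.google.com", "aud": "other-app"}))
```

Run as a script to see the insecure example produce one finding per annotated line and the secure example produce none; `token_accepted` shows why the audience rule matters, since a genuine token from a trusted issuer is still refused when it was minted for a different service.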