You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We would like to see if Akeyless can be added to the list of KMS Providers.
As per KMS Provider guidelines, here are our notes regarding each requirement:
• Maintainers of Sigstore are familiar with the provider and able to debug issues with the provider and with end-to-end tests. While we can’t speak for the maintainers of Sigstore, we are pretty sure Akeyless has been seen quite a bit, especially as we are a known competitor to HashiCorp Vault.
• There is significant community interest in the KMS provider. Akeyless has numerous customers in the Forbes 500 list as well as many mid-size enterprise customers. We are also a frequent sponsor of community events.
• The provider is well-maintained with regular contributions (if open source) and releases should be frequent. The license must be compatible with the Apache 2.0 license. Yes, we regularly maintain all of our various integrations with projects. We will also be making this specific integration open source. And it is compatible with Apache 2.0.
• The provider has not had significant security and/or privacy vulnerabilities. Sigstore reserves the right to remove support for a provider if it is shown to not take security and/or privacy seriously. We have not had any security or privacy vulnerabilities and security is our highest priority with anything we build.
• The PR contains sufficient unit and end-to-end tests. Yes, it does.
Thanks for your consideration!
The text was updated successfully, but these errors were encountered:
In reference to PR: #1638
We would like to see if Akeyless can be added to the list of KMS Providers.
As per KMS Provider guidelines, here are our notes regarding each requirement:
• Maintainers of Sigstore are familiar with the provider and able to debug issues with the provider and with end-to-end tests.
While we can’t speak for the maintainers of Sigstore, we are pretty sure Akeyless has been seen quite a bit, especially as we are a known competitor to HashiCorp Vault.
• There is significant community interest in the KMS provider.
Akeyless has numerous customers in the Forbes 500 list as well as many mid-size enterprise customers. We are also a frequent sponsor of community events.
• The provider is well-maintained with regular contributions (if open source) and releases should be frequent. The license must be compatible with the Apache 2.0 license.
Yes, we regularly maintain all of our various integrations with projects. We will also be making this specific integration open source. And it is compatible with Apache 2.0.
• The provider has not had significant security and/or privacy vulnerabilities. Sigstore reserves the right to remove support for a provider if it is shown to not take security and/or privacy seriously.
We have not had any security or privacy vulnerabilities and security is our highest priority with anything we build.
• The PR contains sufficient unit and end-to-end tests.
Yes, it does.
Thanks for your consideration!
The text was updated successfully, but these errors were encountered: