Loading...

XML

Word

Printable

Type: Epic
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: None
Labels:

Epic Name:
Azure workload identity Service Account Signer Key Rotation
Blocked:
False
Blocked Reason:
None
Ready:
False
Color Status:
Not Selected
Epic Status:
To Do
Feature Link:
OCPSTRAT-1727 - Signing keys rotation with Openshift Azure Entra Workload ID enabled clusters
Parent Link:
OCPSTRAT-1727Signing keys rotation with Openshift Azure Entra Workload ID enabled clusters
Hierarchy Progress Bar:

75% To Do, 25% In Progress, 0% Done

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Intelligence Requested:
Market:

As an OpenShift Administrator, I need to ensure that I rotate signing keys for self-managed Openshift Azure Entra Workload ID enabled clusters to comply with PCI-DSS v4 (see #8 on life cycle management) and NIST (see PCI “Tokenization Product Security Guidelines”) rules.

Enable support for rotating service account signer keys for OIDC issuer for customers who configure Azure ManualMode w/ workload identity option.

relates to

CCO-494 [Spike] Document how to rotate service accounts on GCP

CCO-578 AWS STS Service Account Signer Key Rotation

links to

https://access.redhat.com/articles/regenerating_cluster_certificates

https://github.com/abutcher/sa-key-rotation

Assignee:: Jeremiah Stuever

Reporter:: Jeremiah Stuever

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024/10/23 8:57 PM

Updated:: 2024/10/24 8:26 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates