RFC: AWS KMS credentials config restructure & EKS workload authentication
1 view
Skip to first unread message
Robert Young
Apr 13, 2026, 5:40:14 PM (11 days ago) Apr 13
to kroxylic...@googlegroups.com
We have a new design proposal to consider which covers:
1. refactoring to introduce a `credentials` node to the AWS KMS configuration
2. Adds two new credential providers for Amazon EKS pods.
i. IRSA exchanges a projected OIDC token via STS AssumeRoleWithWebIdentity
ii. Pod Identity calls the local Pod Identity Agent.
https://github.com/kroxylicious/design/pull/97
Thanks to contributor Oleksiy Pylypenko
1. refactoring to introduce a `credentials` node to the AWS KMS configuration
2. Adds two new credential providers for Amazon EKS pods.
i. IRSA exchanges a projected OIDC token via STS AssumeRoleWithWebIdentity
ii. Pod Identity calls the local Pod Identity Agent.
https://github.com/kroxylicious/design/pull/97
Thanks to contributor Oleksiy Pylypenko
Robert Young
Apr 19, 2026, 6:11:21 PM (5 days ago) Apr 19
to kroxylic...@googlegroups.com
Hi! We now have two approvals on this design, Keith & me.
I intend to merge this tomorrow, around 10pm UTC on Monday if there are no objections by then.
Thanks
Rob Young
I intend to merge this tomorrow, around 10pm UTC on Monday if there are no objections by then.
Thanks
Rob Young
Robert Young
Apr 21, 2026, 3:14:39 AM (4 days ago) Apr 21
to kroxylic...@googlegroups.com
I just merged this proposal.
Thanks again Oleksiy!
Reply all
Reply to author
Forward
0 new messages