Add support for fetching keys from a JWKS endpoint #777

Open
SgtCoDFish wants to merge 1 commit into master from keyfetch

SgtCoDFish commented Feb 19, 2026

This requires changing a few function signatures and plumbing some things together.

Notably, I don't want to have a second service discovery client and send duplicate calls off, so I shared the service discovery client from the CyberArk client and added caching of responses to the service discovery client.

Likewise, I needed to handle auth for the jwks endpoint. I'd rather not have to have a second identity client (we could just have one) but this works for now.

Unfortunately, that means this is much longer than I'd have hoped but most of the changes are pretty simple.

SgtCoDFish force-pushed the keyfetch branch 20 times, most recently from 49fefca to 0337378, February 25, 2026 17:13

This requires changing a few function signatures and plumbing some
things together.

Notably, I don't want to have a second service discovery client and send
duplicate calls off, so I shared the service discovery client from the
CyberArk client and added caching of responses to the service discovery
client.

I also had to share credentials for auth.

Also removes encrypted-secrets example

The machinehub mode is required for key fetching, but
doesn't play nicely with one shot mode and the example hangs.

Secret encryption is covered in the e2e tests, so just
remove the example for simplicity

Signed-off-by: Ashley Davis <ashley.davis@cyberark.com>