Storing hardware keys attestations
As an outcome of a 2026 all-hands session, Project members with infra access were granted two Yubico YubiKeys. As a follow-up, we should have a way to allow people to share attestation files related to authentication ans signing keys stored inside a YubiKey through the PIV support, since those should play a role in future projects.
This repo is a good canditate to store such attestation files, since we can correlate these files with (actual) team members and
eventually expose them (or some derivative information) using the team static API if needed.
Discussion points / design decisions:
- which folder or covention should we use to store these files?
- which TOML schema changes are needed (if any)?
- which additional tooling do we need to support these attestation files (if any)?
Storing hardware keys attestations
As an outcome of a 2026 all-hands session, Project members with infra access were granted two Yubico YubiKeys. As a follow-up, we should have a way to allow people to share attestation files related to authentication ans signing keys stored inside a YubiKey through the PIV support, since those should play a role in future projects.
This repo is a good canditate to store such attestation files, since we can correlate these files with (actual) team members and
eventually expose them (or some derivative information) using the
teamstatic API if needed.Discussion points / design decisions: