Workload Identity API & Workload Attestation

The Workload Identity API service ( workload-identity-api ) is a configurable tbot service that allows workloads to request JWT and X509 workload identity credentials on-the-fly.

It's a more secure alternative to writing credentials to disk and supports performing a process known as workload attestation to determine attributes of the workload before issuing credentials.

The Workload Identity API is compatible with two standards:

In addition to issuing credentials to workloads, the Workload Identity API can also provide the trust bundle necessary for workloads to validate the credentials of other workloads.

type: workload-identity-api listen: unix:///opt/machine-id/workload.sock attestors: docker: enabled: true addr: unix:///var/run/docker.sock kubernetes: enabled: true kubelet: read_only_port: 10255 secure_port: 10250 token_path: "/var/run/secrets/kubernetes.io/serviceaccount/token" ca_path: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" skip_verify: true anonymous: false podman: enabled: true addr: unix:///run/podman/podman.sock sigstore: enabled: true additional_registries: - host: ghcr.io credentials_path: /path/to/docker/config.json allowed_private_network_prefixes: - "192.168.1.42/32" - "fd12:3456:789a:1::1/128" systemd: enabled: true unix: binary_hash_max_size_bytes: 1024 selector: name: foo labels: app: [ foo , bar ]

The Workload Identity API implements the SPIFFE Workload API, a standardized API for workloads to request workload identity credentials and trust bundles.

Via this API, both JWT and X509 workload identity credentials can be issued.

Workload Attestation is the process completed by tbot to assert the identity of a workload that has connected to the Workload API and requested credentials.

Workload Attestors are the individual components that perform this attestation. They use the process ID of the workload to gather information about the workload from platform-specific APIs. For example, the Kubernetes Workload Attestor queries the local Kubelet API to determine which Kubernetes pod the process belongs to.

The result of this attestation process is known as attestation metadata. This attestation metadata can be included in the rules or templates you configure as part of a WorkloadIdentity resource.

The Unix Workload Attestor is the most basic attestor and allows you to restrict the issuance of workload identities to specific Unix processes based on a range of criteria.

To resolve information about a process from the PID, the Unix Workload Attestor reads information from the procfs filesystem. By default, it expects procfs to be mounted at /proc .

If procfs is mounted at a different location, you must configure the Unix Workload Attestor to read from that alternative location by setting the HOST_PROC environment variable.

This is a sensitive configuration option, and you should ensure that it is set correctly or not set at all. If misconfigured, an attacker could provide falsified information about processes, and this could lead to the issuance of SVIDs to unauthorized workloads.

The Unix Workload Attestor captures the path and a SHA-256 checksum of the workload's executable using the /proc/$pid/exe symlink. There are a number of important considerations when using these attributes in your rules:

tbot can only reliably determine the a process' executable path if it's running in the same mount namespace. The binary_path attribute will likely be incorrect if the workload is containerized.

can only reliably determine the a process' executable path if it's running in the same mount namespace. The attribute will likely be incorrect if the workload is containerized. Because /proc/$pid/exe is a symlink to an inode rather than a regular path, it's usually an accurate representation of what the process is executing even if the binary has been replaced on disk (e.g. during a rolling deployment). However, network filesystems do not guarantee inode stability, so if the process's executable is on a network mount, it's possible for binary_hash to be out of date.

is a symlink to an inode rather than a regular path, it's usually an accurate representation of what the process is executing even if the binary has been replaced on disk (e.g. during a rolling deployment). However, network filesystems do not guarantee inode stability, so if the process's executable is on a network mount, it's possible for to be out of date. By default, tbot will only checksum binaries smaller than 1GiB. To change this, increase attestors.unix.binary_hash_max_size_bytes .

The Kubernetes Workload Attestor allows you to restrict the issuance of workload identities to specific Kubernetes workloads based on a range of criteria.

It works by first determining the pod ID for a given process ID and then by querying the local kubelet API for details about that pod.

To use Kubernetes Workload Attestation, tbot must be deployed as a daemon set. This is because the unix domain socket can only be accessed by pods on the same node as the agent. Additionally, the daemon set must have the hostPID property set to true to allow the agent to access information about processes within other containers.

The daemon set must also have a service account assigned that allows it to query the Kubelet API. This is an example role with the required RBAC:

kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: tbot rules: - resources: [ "pods" , "nodes" , "nodes/proxy" ] apiGroups: [ "" ] verbs: [ "get" ]

Mapping the Workload API Unix domain socket into the containers of workloads can be done in two ways:

Directly configuring a hostPath volume for the tbot daemonset and workloads which will need to connect to it.

daemonset and workloads which will need to connect to it. Using spiffe-csi-driver.

Example manifests for required Kubernetes resources:

kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: tbot rules: - resources: [ "pods" , "nodes" , "nodes/proxy" ] apiGroups: [ "" ] verbs: [ "get" ] kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: tbot subjects: - kind: ServiceAccount name: tbot namespace: default roleRef: kind: ClusterRole name: tbot apiGroup: rbac.authorization.k8s.io apiVersion: v1 kind: ServiceAccount metadata: name: tbot namespace: default apiVersion: v1 kind: ConfigMap metadata: name: tbot-config namespace: default data: tbot.yaml: | version: v2 onboarding: join_method: kubernetes # replace with the name of a join token you have created. token: example-token storage: type: memory # ensure this is configured to the address of your Teleport Proxy Service. proxy_server: example.teleport.sh:443 services: - type: workload-identity-api listen: unix:///run/tbot/sockets/workload.sock attestor: kubernetes: enabled: true kubelet: # skip verification of the Kubelet API certificate as this is not # usually issued by the cluster CA. skip_verify: true selector: name: example-workload-identity apiVersion: apps/v1 kind: DaemonSet metadata: name: tbot spec: selector: matchLabels: app: tbot template: metadata: labels: app: tbot spec: securityContext: runAsUser: 0 runAsGroup: 0 hostPID: true containers: - name: tbot image: public.ecr.aws/gravitational/tbot-distroless:17.0.0-dev imagePullPolicy: IfNotPresent securityContext: privileged: true args: - start - -c - /config/tbot.yaml - --log-format - json volumeMounts: - mountPath: /config name: config - mountPath: /var/run/secrets/tokens name: join-sa-token - name: tbot-sockets mountPath: /run/tbot/sockets readOnly: false env: - name: TELEPORT_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: KUBERNETES_TOKEN_PATH value: /var/run/secrets/tokens/join-sa-token serviceAccountName: tbot volumes: - name: tbot-sockets hostPath: path: /run/tbot/sockets type: DirectoryOrCreate - name: config configMap: name: tbot-config - name: join-sa-token projected: sources: - serviceAccountToken: path: join-sa-token expirationSeconds: 600 audience: example.teleport.sh

The Docker Workload Attestor allows you to restrict the issuance of workload identities to specific Docker containers based on a range of criteria.

It works by first determining the container for a given process and then by querying the Docker Engine API for details about it.

By default, tbot will attempt to connect to the Docker daemon via a Unix domain socket located at /var/run/docker.sock as this is the standard location for "rootful" Docker deployments.

Unless tbot is also running as root, you'll need to add its user to the docker group to grant it permission to access this socket:

sudo usermod -a -G docker $TBOT_USER

When running Docker in "rootless" mode the daemon's socket will be located at $XDG_RUNTIME_DIR/docker.sock by default, making it inaccessible to other non-root users.

If you do not want to run tbot as the same user as Docker or as root, you can override this by creating a configuration file under ~/.config/docker with the following contents:

{ "hosts" : [ "unix://path/to/socket" ] }

The Podman Workload Attestor allows you to restrict the issuance of workload identities to specific Podman containers and pods based on a range of criteria.

It works by first determining the container and pod for a given process and then by querying the Podman API Service for details about them.

Podman differs from Docker in that it doesn't use a long-running daemon process. Instead, the API service is typically started on demand using socket activation.

Granting tbot access to the Podman API requires different steps depending on whether you're running "rootfully" or "rootlessly" - it is for this reason we do not provide a default value for the attr config option.

If you're running Podman as root, enable the API service by running:

sudo systemctl enable --now podman.socket

At this point, the service can be reached at /run/podman/podman.sock but only by root. If you do not want to run tbot as root, you can override the default systemd unit to make the socket owned by a group your tbot user belongs to:

sudo groupadd podman-root sudo usermod -a -G podman-root $TBOT_USER sudo systemctl edit podman.socket

In the override file add:

[Socket] SocketGroup=podman-root

Reload the systemd daemon and restart the socket unit:

sudo systemctl daemon-reload sudo systemctl restart podman.socket

If you're running Podman as a non-root user, enable and start the API service by running:

sudo loginctl enable-linger $PODMAN_USER systemctl --user enable --now podman.socket

The service can now be reached at $XDG_RUNTIME_DIR/podman/podman.sock , but only by your chosen podman user or root. If you do not want to run tbot as the same user or as root, you can override the default systemd unit to move the socket out of $XDG_RUNTIME_DIR and add your tbot user to the podman user's group:

sudo usermod -a -G $PODMAN_USER_GROUP $TBOT_USER systemctl --user edit podman.socket

In the override file add:

[Socket] ListenStream=/path/to/socket # Example: /srv/podman.$PODMAN_USER/podman.sock

Reload the systemd daemon and restart the socket unit:

systemctl --user daemon-reload systemctl --user restart podman.socket

In order for tbot running inside a container to attest workloads in other containers, it must have access to the host's PID namespace. Also, if you are using group permissions to grant tbot access to the Podman socket (see the above examples) you must set the run.oci.keep_original_groups annotation.

podman run \ --pid=host \ --annotation run.oci.keep_original_groups=1 \ --volume /path/to/socket:/path/to/socket \ --volume /path/to/config:/path/to/config \ public.ecr.aws/gravitational/tbot-distroless:17.0.0-dev \ start -c /path/to/config

The Systemd Workload Attestor allows you to restrict the issuance of workload identities to specific Systemd services. It works by interacting with Systemd's D-Bus API to determine the service unit of a given process.

tbot honors the DBUS_SYSTEM_BUS_ADDRESS environment variable, but if it's not set, will default to connecting via a Unix domain socket located at /var/run/dbus/system_bus_socket .

If connecting using this socket fails, tbot will attempt to use the socket located at /run/systemd/private instead, but this is typically only accessible by root.

The Sigstore Workload Attestor allows you to restrict the issuance of workload identities to only workloads running signed container images, reducing the scope for supply chain attacks.

See Sigstore Workload Attestation for more information.

The workload-identity-api service endpoint also implements the Envoy SDS API. This allows it to act as a source of certificates and certificate authorities for the Envoy proxy.

As a forward proxy, Envoy can be used to attach an X.509 SVID to an outgoing connection from a workload that is not SPIFFE-enabled.

As a reverse proxy, Envoy can be used to terminate mTLS connections from SPIFFE-enabled clients. Envoy can validate that the client has presented a valid X.509 SVID and perform enforcement of authorization policies based on the SPIFFE ID contained within the SVID.

When acting as a reverse proxy for certain protocols, Envoy can be configured to attach a header indicating the identity of the client to a request before forwarding it to the service. This can then be used by the service to make authorization decisions based on the client's identity.

When configuring Envoy to use the SDS API exposed by the workload-identity-api service, three additional special names can be used to aid configuration:

default : tbot will return the default SVID for the workload.

: will return the default SVID for the workload. ROOTCA : tbot will return the trust bundle for the trust domain that the workload is a member of.

: will return the trust bundle for the trust domain that the workload is a member of. ALL : tbot will return the trust bundle for the trust domain that the workload is a member of, as well as the trust bundles of any trust domain that the trust domain is federated with.

The following is an example Envoy configuration that sources a certificate and trust bundle from the workload-identity-api service listening on unix:///opt/machine-id/workload.sock . It requires that a connecting client presents a valid SPIFFE SVID and forwards this information to the backend service in the x-forwarded-client-cert header.