Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

• eCapture @ GitHub.
• 115 - RADIUS/UDP Considered Harmful @ Feisty Duck's Cryptography & Security Newsletter.

Universal identity control plane for distributed systems. SPIFFE and SPIRE provide strongly attested, cryptographic identities to workloads across a wide variety of platforms.

SPIFFE and SPIRE provide a uniform identity control plane across modern and heterogeneous infrastructure. Since software and application architectures have grown substantially, they are spread across virtual machines in public clouds and private data centers. Security models for the organizations that manage them must keep up with these infrastructure technologies. And this is where SPIFFE and SPIRE come in. With SPIFFE/SPIRE, developers and operators can build software using new infrastructure technologies, while allowing security teams to step back from time-consuming security processes.

• SPIFFE @ GitHub.

A local https proxy server using docker as backend.

• Ophiuchi @ GitHub.
• Lundi 01 Juillet 2024 @ RudeOps :fr:.

CFSSL is CloudFlare's PKI/TLS swiss army knife. It is both a command line tool and an HTTP API server for signing, verifying, and bundling TLS certificates. It requires Go 1.16+ to build.

Automatically provision and manage TLS certificates in Kubernetes.
cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates.
It supports issuing certificates from a variety of sources, including Let's Encrypt (ACME), HashiCorp Vault, and Venafi TPP / TLS Protect Cloud, as well as local in-cluster issuance.
cert-manager also ensures certificates remain valid and up to date, attempting to renew certificates at an appropriate time before expiry to reduce the risk of outages and remove toil.

Cloud native certificate management. X.509 certificate management for Kubernetes and OpenShift.

cert-manager creates TLS certificates for workloads in your Kubernetes or OpenShift cluster and renews the certificates before they expire.

• cert-manager @ GitHub.

Hitch is a libev-based high performance SSL/TLS proxy by Varnish Software.