Can I integrate Zot with an external authorization such as OPA? #3680
Replies: 1 comment 1 reply
-
|
Hi @peter-facko, the only way to avoid including the permissions configuration in the zot config file is to use bearer token authentication. For bearer use case we consume this type of tokens: https://distribution.github.io/distribution/spec/auth/jwt/ |
Beta Was this translation helpful? Give feedback.
-
|
@andaaron, thank you for the reference. My organization's current goal is to use mTLS with SPIFFE for authentication into Zot. We were very pleased by the recent addition of better support for mTLS. We would also like to keep all permissions and policies in OPA, so we need to be able to point Zot to an external authorizer. It doesn't have to be an integration with OPA specifically. It could be any hook. We would be happy to implement a bridge between Zot and OPA if there was such an option. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hello, I am researching ways to centralize authorization in our organization. Is it possible to have Zot query an external source for authorization?
The expressiveness of the current authorization https://zotregistry.dev/v2.1.12/articles/authn-authz/#authorization is sufficient, but we would like to have a common language and place for all permissions inside the organization.
Beta Was this translation helpful? Give feedback.
All reactions