# Agent Attestation Methods
Agent attestation methods are the mechanisms by which the Trust Domain Server verifies the identity of an agent at login time. The server issues a session to the agent only if the agent satisfies the configured attestation requirements.
## Policies
Agent attestation is configured via policies. Each policy contains one or more required attestors that must all pass. Multiple policies can be defined for a single cluster; an agent is authorized if it satisfies any one policy.
This gives you two composition patterns:

AND (all required within a policy) — the agent must pass both Kubernetes PSAT and AWS identity:

```yaml
section: AgentAttestation
schema: v1
spec:
  policies:
    - name: eks_cluster_policy
      requiredAttestors:
        - type: k8s_token
          config:
            issuerURL: https://oidc.eks.us-east-1.amazonaws.com/id/ABCDEF123456
        - type: aws_iid
```
OR (multiple policies) — the agent can authenticate via Kubernetes PSAT or SSH:

```yaml
section: AgentAttestation
schema: v1
spec:
  policies:
    - name: k8s_policy
      requiredAttestors:
        - type: k8s_token
          config:
            issuerURL: https://oidc.eks.us-east-1.amazonaws.com/id/ABCDEF123456
    - name: ssh_policy
      requiredAttestors:
        - type: ssh_pop
          config:
            certAuthorities:
              - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA..."
```
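The evaluation rule above (an agent is authorized when any policy is satisfied, and a policy is satisfied only when all of its required attestors pass), written out as an added example that is not part of this documentation or the product's code. The names `validate`, `authorize` and `results` are hypothetical, attestor verification itself is assumed to have already produced per-type pass/fail outcomes, and rejecting a policy with an empty `requiredAttestors` list is this example's own assumption.

```python
# Added example, not the product's own code. Attestor verification itself is
# out of scope; `results` holds per-type pass/fail outcomes a hypothetical
# caller already computed for one agent login.

# Constructed policy document mirroring the OR example above (AND inside the
# first policy), written as Python data so it runs without a YAML parser.
EKS_ISSUER = "https://oidc.eks.us-east-1.amazonaws.com/id/ABCDEF123456"
POLICY_DOC = {
    "section": "AgentAttestation",
    "schema": "v1",
    "spec": {"policies": [
        {"name": "eks_cluster_policy", "requiredAttestors": [
            {"type": "k8s_token", "config": {"issuerURL": EKS_ISSUER}},
            {"type": "aws_iid"},
        ]},
        {"name": "ssh_policy", "requiredAttestors": [
            {"type": "ssh_pop",
             "config": {"certAuthorities": ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA..."]}},
        ]},
    ]},
}

def validate(doc):
    """Reject documents the evaluator must not act on. Refusing an empty
    requiredAttestors list is this example's assumption: under plain all()
    semantics such a policy would match every agent."""
    if doc.get("section") != "AgentAttestation" or doc.get("schema") != "v1":
        raise ValueError("unexpected section or schema")
    policies = doc.get("spec", {}).get("policies") or []
    if not policies:
        raise ValueError("no policies defined")
    names = [p.get("name") for p in policies]
    if None in names or len(set(names)) != len(names):
        raise ValueError("policy names must be present and unique")
    for p in policies:
        if not p.get("requiredAttestors"):
            raise ValueError(f"policy {p['name']!r} has no required attestors")

def authorize(doc, results):
    """results maps attestor type -> bool for this login. Returns the first
    satisfied policy name, or None when the login must be refused. An
    attestor missing from results counts as failed, never as passed."""
    validate(doc)
    for policy in doc["spec"]["policies"]:
        # AND within a policy: every required attestor must have passed.
        if all(results.get(a["type"], False) for a in policy["requiredAttestors"]):
            return policy["name"]  # OR across policies: first match wins
    return None
```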
## Applying Configuration
Agent attestation policies are applied per-cluster using Managed Configuration.
### Using spirlctl

```shell
spirlctl config set cluster --id <cluster-id> attestation-policy.yaml
```
### Using Terraform

```hcl
resource "spirl_cluster_config" "agent_attestation" {
  cluster_id = spirl_cluster.my_cluster.id
  sections = {
    AgentAttestation = <<-YAML
      section: AgentAttestation
      schema: v1
      spec:
        policies:
          - name: eks_cluster_policy
            requiredAttestors:
              - type: k8s_token
                config:
                  issuerURL: https://oidc.eks.us-east-1.amazonaws.com/id/ABCDEF123456
    YAML
  }
}
```
Once a configuration document passes validation and is stored, the Defakto control plane syncs it to your Trust Domain Servers automatically. No server or agent restart is required.
## Attributes available for SVID issuance
Most attestation methods produce attributes derived from the agent's verified identity. These attributes are available for use in:
Attributes from agent attestation are scoped to the agent session. They complement workload attributes, which are collected per SVID request.
## Available Methods
| Method | Type identifier | Attributes produced | Common use case |
|---|---|---|---|
| AWS Identity Document | aws_iid | EC2 instance metadata, tags, IAM role | AWS EC2 instances |
| AWS Web Identity Token | aws_token | Account, org, IAM tags | AWS workloads with IAM outbound federation |
| Azure IMDS | azure_imds | VM metadata, tags, VMSS, network | Azure VMs without Managed Identity |
| Azure MSI | azure_msi | Tenant ID, principal ID | Azure VMs with Managed Identity |
| Agent Attestation Extension | extension | Custom (webhook-defined) | Organization-specific agent verification via external webhook |
| GCP Instance Identity Token | gcp_iit | Project, instance, zone, labels | GCP Compute Engine VMs |
| HTTP DNS | http_dns | Hostname, port | Non-cloud VMs with DNS control |
| Kubernetes Service Account Token | k8s_token | Default Kubernetes attributes | K8s agents |
| SSH Proof of Possession | ssh_pop | Certificate principals, serial, validity | Hosts with SSH host certificates |
| TPM Endorsement Key | tpm_ek | Hardware fingerprint, manufacturer | Bare-metal, hardware-rooted trust |
| X.509 Proof of Possession | x509pop | Certificate identity, URI SANs | Pre-provisioned certs (PKI-heavy environments) |