FIPS-compatible builds of Pinniped binaries
By default, the Pinniped supervisor and concierge use ciphers that
are not supported by FIPS 140-2. If you are deploying Pinniped in an
environment with FIPS compliance requirements, you will have to build
the binaries yourself using the
fips_strict build tag and Golang’s
The Pinniped team provides an example Dockerfile demonstrating how you can build Pinniped images in a FIPS compatible way. However, we do not provide official support for FIPS configuration, and we may not respond to GitHub issues opened related to FIPS support. We provide this for informational purposes only.
To build Pinniped use our example fips Dockerfile, you can run:
$ git clone firstname.lastname@example.org:vmware-tanzu/pinniped.git
$ cd pinniped
$ git checkout v0.28.0
$ docker build -f hack/Dockerfile_fips .