I have untrusted sprites that I want to be able to connect to a service on another (more trusted) sprite securely.
- Using private sprite URLs does not work, since then I would need to give the untrusted sprite an API token (which grants further privileges).
- Using a public URL is an obvious no-go.
- Using something else like Tailscale works, but it will not auto-wake the sprite when it is sleeping.

Either of the following would help:

- a) the ability to define policies for which sprite (e.g. based on name patterns) may talk to which one, without needing additional authentication.
- b) the ability to issue fine-grained tokens via the API (e.g. "can talk to sprite X/port Y") that can then be given to untrusted sprites.