Feature: TOTP 2FA for SSH connection #5280
This particular item caught my eye @bartonip - any specifics re: new data security compliance items? (medibank/optus or something else...)

@ghuntley Our core product deals with health data and more and more of the gov agencies we deal with have new compliance items on source control and dev environment access as part of their conformance/compliance process.

There is the potential for this to be solved under a U2F FIDO2 implementation. This would also benefit the use of pre-generated SSH keys stored on devices such as YubiKeys.

As a workaround, you can enforce 2FA in your identity provider + enforce short sessions with With that being said, we are open to OSS contributions for Yubikey docs (#6226), webauthn support (#6170), or TOTP. We'd love to eventually focus on this, but have no concrete plans on our roadmap. Additionally, if you have a strong requirement for one of these before you can adopt Coder, we'd like to hear from you since that can influence our roadmap: coder.com/contact.

Ironically I can't enforce 2FA in my IdP because of issue #4505. Some of our accounts were registered before we set up OIDC and now we are stuck with password only authentication.

Hey @bpmct Currently in contact with Michael on your sales team. The ideal use case would be to be able to use the PGP and PIV stored on the Yubikey within each VM. These are then used for mTLS, Tailscale, commit signing, etc.

This issue is becoming stale. In order to keep the tracker readable and actionable, I'm going to close this issue in 7 days if there isn't more activity.

Sure thing! Shoot me an email!
It would be great if on connection to a coder mediated SSH session we could choose if logging on requires the input of a 2FA code.
Ideally the authenticator app would be set up when the user first logs on and then the same authenticator can be used to login to the coder web panel and also any ssh sessions.
This would also make it much easier to meet new data security compliance items in Australia.