Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Throw Away Your Passwords: Trusting Workload Identity - Ric Featherstone, ControlPlane
Trust is required to secure our systems: we need it to bootstrap infrastructure, to run workloads, and to reassure our customers of their privacy. But how do we establish and secure this "trust" in a dynamic cloud native system?
Historically we relied upon identifiers such as IP addresses, passwords, and certificates, but can we do better than these antiquated authentication mechanisms? In this talk we:
Demystify machine identity and its relationship to secrets management and access control
Discuss the issues with historical approaches in a cloud native environment
Solve the "bottom turtle" trust bootstrap quandary
Appraise the open source implementations and technologies available to you
Demonstrate practical examples of how to acquire a workload identity or secret zero
Strive for a world in which passwords and static keys are replaced by dynamic credentials and hardware roots of trust