Authors: Alex Ilgayev, Elad Pticha
2023-04-21

tldr - powered by Generative AI

The presentation discusses the importance of secure authentication in CI/CD pipelines and the potential vulnerabilities of using tokens. The solution proposed is to use OpenID Connect (OIDC) for authentication.
  • CI/CD pipelines require secure authentication with third-party providers
  • Tokens are a popular method of authentication but can be vulnerable to breaches
  • Examples of breaches include CircleCI and Codecov
  • OpenID Connect (OIDC) is a solution that extends the capabilities of OAuth 2.0 and uses JSON Web Tokens (JWTs) for authentication
  • OIDC is standardized and allows for third-party verification of user identity

Authors: Mo Khan, Margo Crawford
2021-10-15

tldr - powered by Generative AI

The presentation discusses the importance of secure identity assertion in Kubernetes clusters and presents a workaround using X.509 client certificates.
  • Impersonation proxies in Kubernetes have had critical CVEs in the past
  • Using the standard library instead of Kubernetes for critical code is safer
  • X.509 client certificates are a secure way to assert identity in Kubernetes
  • Pinniped provides a workaround for revoking certificates using the cluster signing key