Authors: Moritz Johner
2023-04-19

tldr - powered by Generative AI

The presentation discusses the challenges of managing secrets in a complex IT environment and introduces the Kubernetes External Secrets Operator as a solution.
  • Secrets are essential in IT environments and need to be managed securely
  • Managing secrets is a complex task that requires centralization, lifecycle management, access control, integration, and tooling
  • The Kubernetes External Secrets Operator is a solution that automates the process of fetching secrets from external providers and storing them as Kubernetes secrets
  • The operator uses custom resources such as SecretStore and ExternalSecret to abstract the details of the provider and of the secret itself
  • The operator is a community-driven project that has joined the CNCF as a Sandbox project
Authors: Ric Featherstone
2022-05-20

tldr - powered by Generative AI

The presentation discusses the importance of machine identity and workload identity in securing cloud native systems. It explores the issues with traditional authentication mechanisms and proposes solutions using open source implementations and technologies.
  • Historically, identifiers such as IP addresses, passwords, and certificates were used for authentication, but they are no longer effective in a dynamic cloud native system.
  • Machine identity and workload identity are crucial for securing cloud native systems.
  • Secrets management and access control rely on workload identity or secret zero.
  • Cloud credentials can be obtained using OpenID Connect (OIDC) and can be used for authorization.
  • SPIFFE and SPIRE provide an identity framework for workload identity and machine identity.
  • A SPIFFE ID is a URI that serves as the identifier for a workload.
  • SVID documents are short-lived and rotated frequently.
  • SVID documents are verified cryptographically against trust bundles.
  • SPIRE is an implementation of the SPIFFE standards that consists of an agent and a server.
  • The agent attests to the server, and workloads attest to the agent, which maps selectors to workload identities.