February 1-2, 2023 | Seattle, WA

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for CloudNativeSecurityCon North America 2023 to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Wednesday, February 1 • 2:45pm - 3:20pm
Zero Trust Workload Identity in Kubernetes - Michael Peters, Red Hat

Zero Trust principles prescribe that no interactions between services are to be done with any implicit trust. Most current solutions to explicit authorization involve passwords or secret keys, but it's almost impossible to count the number of security breaches that happen because service passwords or keys are improperly stored, not rotated frequently enough or exposed during rollouts. Every new service added has the potential to exponentially complicate how we secure and deploy those secrets. But what if there was a simpler solution? What if we didn't need those secrets at all? What if the authorization was tied to the workload's identity itself? This is the goal of SPIFFE (the spec) and SPIRE (the implementation). In this talk we'll show how to implement a Zero Trust system that uses workload identity across a service mesh in Kubernetes to provide explicit authorization between services. We'll explore centralized policy enforcement between those services as well as integrations with up-and-coming projects like Keylime (for identity tied to hardware attestation) and Sigstore (for identity during software builds).

Michael Peters

Principal Engineer, Red Hat
Michael Peters is a Principal Engineer in Emerging Technologies in Red Hat's Office of the CTO. He is a senior systems engineer and programmer with an emphasis on DevOps, Security, and Operability and is one of the current maintainers of the Keylime project. His experience in both...

Wednesday February 1, 2023 2:45pm - 3:20pm PST
Room 609