2025-06-30 –, Room 1
With the rise in popularity of open-source standards and tools like SPIFFE and SPIRE, it’s never been easier to get off the ground with issuing all your workloads a flexible cryptographic identity.
But this is just the start of your workload identity journey! The real challenge begins in putting these identities to work in your infrastructure in replacing legacy authentication mechanisms such as long-lived shared secrets. It’s difficult to know where to get started.
This talk will:
- Briefly outline SPIFFE and Workload Identity
- Explore the options for using SPIFFE for authentication and authorization, with a focus on techniques appropriate for existing infrastructure
- Dive into a handful of practical examples of introducing SPIFFE-based authentication between legacy services, and, between legacy services and Cloud APIs
- Describe higher-level strategies for rolling out workload identity in an organization, based on experience helping large organizations approach this work
Dave Sudia went from Platform Engineering to Product Engineering; in both roles he has had to stand up infrastructure in repeatable but constantly evolving architectures, taking into account usability, security, and scalability. He is the world's biggest fan of Infrastructure-as-Code. By day you'll find him enabling developers to do their best work and by night you'll find him hanging with his kid, whose hobbies are now Dave's hobbies.