Throw Away Your Passwords - Trusting Workload Identity in Cloud Native Systems

Explore the concept of workload identity and its importance in securing cloud native systems in this 34-minute conference talk by Ric Featherstone from ControlPlane. Delve into the challenges of establishing trust in dynamic environments and learn why traditional authentication methods like IP addresses, passwords, and certificates may no longer suffice. Discover how to demystify machine identity, its connection to secrets management, and access control. Examine the shortcomings of historical approaches in cloud native settings and uncover solutions to the "bottom turtle" trust bootstrap problem. Evaluate available open source implementations and technologies for workload identity. Gain practical insights through demonstrations on acquiring workload identity and secret zero. Envision a future where dynamic credentials and hardware roots of trust replace static passwords and keys, enhancing overall system security.