What's Up In Workload Identity - September 2024
SPIFFE? WIMSE? All that and more inside the September edition of What's Up in Workload Identity.
Hey!
Welcome to the second edition of What’s Up in Workload Identity, a monthly review of the world of Workload Identity (SPIFFE, WIMSE and much more…).
It’s a world that’s moving fast - and it’s hard to keep up 🚀
You can expect to see each edition covering:
News: significant events in the Workload Identity space
Content: awesome blog posts and talks that have been published
Releases: the latest and greatest changes to Workload Identity tooling
Coming Up: the events and talks you won’t want to miss
Who am I? I’m Noah. I’ve been working in the Workload Identity space for the past few years. I currently work at Teleport, leading the development of our Workload Identity product. That being said, this newsletter is in a personal capacity and I’m keen to keep it unbiased! You can find out more about me on my website.
News
The latest news from the Workload Identity space
KubeCon NA 2024 Schedule Announced
The schedule for KubeCon North America 2024 has dropped and it’s exciting to see so many talks on the topic of Workload Identity and SPIFFE. There’s a good range of content, some at a more introductory level and some diving deep into the inner mechanics of Workload Identity.
Some of the highlights from the schedule:
If you can’t make it to KubeCon NA 2024, rest assured, talks are usually recorded and uploaded in the months following the event.
Content
The best of recent blogs, webinars and talks on Workload Identity
From keyless to careless: Abusing misconfigured OIDC authentication in cloud environments
By Christophe Tafani-Dereeper at BSidesLV
Long Live Short Lived Credentials - Auto-rotating Secrets At Scale
By Dwayne McDaniel at BSidesLV
Zero-Trust mTLS Automation With HAProxy and SPIFFE/SPIRE
By Jakub Suchy (HAProxy Technologies)
https://www.haproxy.com/blog/zero-trust-mtls-automation-with-haproxy-and-spiffe-spire
Getting Started With SPIFFE For Multi-Cloud Secure Workload Authentication
By Mattias Gees (Venafi)
https://blog.gitguardian.com/getting-started-with-spiffe/
Releases
Highlights from recent releases to Workload Identity tools
SPIRE - 1.10.2 - September 3rd
SPIRE’s had two releases in the past month, 1.10.2 and 1.10.3. Whilst 1.10.3 was a bugfix release, 1.10.2 contains a handful of new features.
The introduction of an HTTP challenge-based node attestor will be particularly interesting to those running SPIRE in an on-premises environment. It’s a great alternative to the existing limited options for node attestation in these kinds of environments, especially if you don’t have pre-existing PKI.
The release also includes improvements to the experimental Sigstore support. This functionality is super exciting to me, allowing you to restrict the issuance of SVIDs to container workloads that are running a container image with a valid signature and attestations. If you’re looking to shore up your supply chain security, then you won’t regret looking into container image signing.
Coming Up…
What’s happening soon in the world of Workload Identity
Open Source Summit Europe
September 16th to 18th - Vienna
Securing Workloads with Transaction Tokens and Minicloak - Dmitry Telegin (Backbase)
Let Them Eat CAKES: A Sweet Dive Into a Modern Cloud Networking Stack. - Christian Posta (Solo.io)
Find out more at https://events.linuxfoundation.org/open-source-summit-europe/
Teleport Connect 2024
September 25th - San Francisco
Find out more at https://goteleport.com/teleport-connect-2024/
KubeCon North America
November 12th to the 15th - Salt Lake City, Utah
Find out more at https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/
That’s all for this month’s edition of What’s Up in Workload Identity. If you’ve found this interesting, please subscribe and share!
Got something you’d love to see in the next edition? I’m particularly keen to start including some short editorial pieces within WUIWI. Please get in touch at wuiwi@noahstride.co.uk