home.social

#spiffe — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #spiffe, aggregated by home.social.

  1. 🔐 Identity (AI & Cloud-Native)

    Overview

    The article documents a shift in the enterprise attack surface: adversaries are increasingly targeting machine identities and service-level credentials rather than human accounts. Notable examples cited include VoidLink, which specializes in harvesting credentials, ShadowRay 2.0, which exploited an unauthenticated AI framework, and LangFlow, which retained service credentials and created a “master key” effect for connected services.

    Key findings and numbers
    • Machine identities outnumber human identities by an average ratio of 82:1 (Rubrik Zero Labs).
    • A Cloud Security Alliance survey found 44% of organizations authenticate AI agents with static API keys, while only 28% can trace agent actions back to the human who authorized them; nearly 80% cannot currently report what deployed AI agents are doing or who is responsible.
    • SPIFFE and SPIRE are presented as the primary industry response for workload identity: they issue short-lived, automatically rotating credentials tied to verified workload attributes, reducing the value of long-lived secrets.

    Where current systems fall short
    • The piece emphasizes that SPIFFE/SPIRE were designed for traditional workload interactions; they can mitigate lateral movement and make alerts attributable when workloads carry verifiable identities. However, these systems are less effective for modern autonomous AI agents that make decisions, delegate tasks, and often authenticate with static credentials.
    • The result is an expanding risk surface: AI agents and machine identities broaden potential impact from breaches because credentials often are created informally, rarely rotated, and lack centralized governance.

    Implications reported (factual)
    • Attackers are not primarily “breaking in” but are leveraging logged-in identities belonging to machines and services.
    • Short-lived workload credentials are described as an effective technical control against credential harvesting tactics used by malware like VoidLink.

    🔹 VoidLink #SPIFFE #LangFlow #ShadowRay #machineidentity

    🔗 Source: blogs.cisco.com/security/ident

  2. There's a new article in the #Keycloak blog about federated client authentication, where you rely on an external provider (like a #Kubernetes cluster with service account token, or a generic #SPIFFE client) to authenticate confidential clients. keycloak.org/2026/01/federated

    Would love to take a closer look at that functionality at some point, especially for a use case where you authenticate Keycloak service accounts (to get tokens for M2M calls in a microservice architecture) through that method. Might be really great for getting rid of some secrets that have to be frequently rotated. But currently, I have no time to do this. Has anyone already used this? How well does it work? Worth investigating, or still too flaky?

  3. Last week, I had the privilege of attending #KubeCon 2025
    Seeing #SPIFFE and #SPIRE take a front seat in conversations, driven by #AgenticAI, was mind-blowing.
    Here are a few thoughts and reflections from the event:
    blog.gitguardian.com/kubecon-2

  4. #KubeCon 2025
    Anchoring Trust in the Age of AI: Identities Across Humans, Machines, and Models - Yuan Tang and Anjali Telang

    KServe is a CNCF incubator project

    kserve.github.io/website/

    #SPIFFE #SPIRE #Keycloak

  5. Zero Trust in the cloud: a practical guide

    This guide looks at a modern approach to security, Zero Trust Network Access (ZTNA), and shows how to implement it with SPIFFE/SPIRE and OpenID Connect (OIDC). There is a lot of material, so I will present it in condensed form. ZTNA rests on the principle "never trust, always verify": every access request is treated as potentially unsafe and goes through mandatory authentication and authorization. Compared with classic VPNs, ZTNA solutions built on SPIFFE/SPIRE and OIDC: speed up the authentication procedure by 20–80 times, improve performance by 46–64 %, and in AWS and Google Cloud reduce latency to 50–100 ms instead of the usual 2–4 s.

    habr.com/ru/articles/917440/

    #zerotrust #spiffe #spire #oidc #kubernetes #aws #gcp #ztna #security

  6. Time to get hands-on at #CNSCon
    Tutorial: Demystifying and Enabling Workload Identity Across the Cloud Native Ecosystem - from Andrew Block, Anjali Telang, and Trilok Geer, Red Hat; and Mariusz Sabath and Maia Iyer, IBM

    #Spiffe #Spire

  7. 🚀 Excited to share my overview & demo on
    “sharing secrets across clusters with SPIFFE federation” ✨

    I presented it at sig-spire on Oct 26, 2023.

    Dive in and explore! 🛠️:
    vimeo.com/v0lkan/vsecm-spire

    #VSecM #SPIFFE #SPIRE #VMware #TechTalk

  8. Novel ways of providing identity to automated cross-#cloud processes – Workload Identity Federation (#workloadidentityfederation) and #SPIFFE
    zuinnote.eu/blog/?p=2273

  13. 🚀 Hey, #ZeroTrust enthusiasts! — We’ve kicked off VMware Secrets Manager v0.22.0, codenamed Boötes!

    🌟 Curious about what awesomeness lies ahead? Our 🔥Updated Yearly Roadmap🔥 has all the details 👉 vsecm.com/docs/roadmap/

    #SPIFFE #SPIRE #VSecM #VMware

    🐢⚡️ #TurtlePower

  15. 🎉 Just wrapped up an electric session on today's #TalkSPIFFE! 🚀 We dove deep into the nitty-gritty of open source, business licensing models, and their ripple effects on the open-source ecosystem (I’m looking at you HashiCorp!). 🌐

    twitch.tv/videos/1913673154

    #ZeroTrust #Security #SPIFFE #SPIRE #VSecM #TalkSPIFFE #VOD #Twitch

  16. 🔐 A Milestone in Zero-Trust Architectures: SPIFFE Takes Center Stage in Google Cloud

    This week marked a pivotal moment in the journey of zero-trust architectures. Google Cloud announced its standardization of SPIFFE as the unified identity platform across all its environments.

    This is not just a technical achievement; it’s a paradigm shift in how we approach security in cloud computing.

    linkedin.com/feed/update/urn:l

    #SPIFFE #ZeroTrust #GoogleCloud #CyberSecurity #OpenSource #Leadership

    1/n

  17. NIST said you should use SPIFFE, and you should use it NOW, and Google Cloud is standardizing its workload identity based on SPIFFE.

    I cannot emphasize how HUGE this is!

    check out this clip: youtube.com/clip/UgkxcujMWTzWh

    #SPIFFE #SPIRE #ZeroTrust #security

  18. 🎉 Introducing VMware Secrets Manager: The Next Step for Aegis!
    »» zerotohero.dev/vmware-secrets- ««

    I am thrilled to share an update with all of you. Aegis has transformed and landed into its new home! It is now entering a phase as VMware Secrets Manager for Cloud Native workloads!

    #ZeroTrust #security #VMware #SecretsManager #secrets #spiffe #SPIRE

  20. Hi 👋! Only 1hr until our #TalkSPIFFE office hours kick off at 8:30am PT. We'll explore demos, use cases & more on unlocking secure comms with SPIFFE/SPIRE. Join us for an enlightening community chat! 🔐 #SPIFFE #SPIRE #Security #ZeroTrust

    Join us at twitch.tv/ZeroToHeroDev

  22. Jump into the world of multi-streaming with this comprehensive overview on the behind-the-scenes, tools, tips and tricks, used in setting up the backstage for #TalkSPIFFE.

    #TechCommunity #SPIFFE

    👉 zerotohero.dev/talkspiffe-stre

  23. 🚀 Ready to #TalkSPIFFE ?

    Our new series demystifies #SPIFFE tech and connects the community. 🐢

    Join us tomorrow (Fri), 8:30 AM PT (4:30 PM BST, 9 PM IST) on Twitch 👉 twitch.tv/ZeroToHeroDev.

    Don’t use Twitch?
    Zoom: zoom.us/j/95283083971?pwd=UWJn

    #DevTalk #DevRel #ZeroTrust

  24. 🎶🎤 “Talk SPIFFE to me” — a mini teaser of what’s coming up 😉🐢⚡️.

    #ZeroTrust #SPIFFE #SPIRE #stream

  26. Good times with #Styra friends at #EIC Berlin, talking policy, authorization and #OpenPolicyAgent. If you're around, don't miss when @charlieegan3 talks #OPA and #SPIFFE today!

    #EIC2023

  27. Setting Up SPIRE on EKS in Less Than Ten Minutes

    This article will look at what SPIFFE and SPIRE are. Then, we’ll explore why managing identities and trust at scale is a tough challenge and how to solve it in a repeatable, scalable, and platform-agnostic way.

    zerotohero.dev/spire-rocks/

    #ZeroToHero #spiffe #spire #UseCases

  28. Using SPIRE to Securely Connect Workloads

    This video series will guide you through establishing secure cross-cluster mTLS connectivity between workloads across multiple clusters using SPIRE. We will start with a blank slate, and make as few assumptions as we can along the way.

    zerotohero.dev/spire-mtls/

    #ZeroToHero #spiffe #spire #federation #Kubernetes #CrossCluster #mtls
