- Enables ephemeral certificate-based authorization
- Reduces the need for permanent access credentials, explicit access revocation, or traditional SSH key management
- Automates the management and issuance of TLS certificates
- Runs with a self-signed root CA certificate or uses an issuing certificate retrieved using the Venafi vCert software

Kubernetes (K8s) solves the problems of container orchestration, application deployment, scaling, and management. However, it does not solve the problems of observability, traffic management, secure communications, and connectivity. Service meshes implement high-performance, low-latency, built-in Certificate Authorities (CAs), but these CAs operate without oversight from security teams. This creates friction, uncertainty, and doubt for security teams that are being pressured to support broad service mesh deployments.

This project addresses the many limitations of the embedded service mesh CAs by providing:
- A fast, easy, and integrated source of machine identities for developers
- Policy and oversight for security teams using Venafi