Updated Aug. 17 2021

This Venafi Indie Devs project from developer Sigurdur Skulason provides service meshes with a fast, easy and secure source of machine identities. It enables an in-memory issuing CA to obtain its certificate and issuing policy from Venafi, so that the machine identities used for mTLS are consistent and adhere to enterprise security policy.
Business Outcomes
  • Enables ephemeral certificate-based authorization

  • Reduces the need for permanent access credentials, explicit access revocation or traditional SSH key management

Integration Features
  • Automates the management and issuance of TLS certificates

  • Run with a self-signed root CA certificate, or use an issuing certificate retrieved with the Venafi vCert software

Solution Overview

Kubernetes (K8s) solves the container orchestration, application deployment, scaling and management problems. It does not, however, solve the problems of observability, traffic management, secure communication and connectivity. Service meshes address these with high-performance, low-latency, built-in Certificate Authorities (CAs), but those CAs operate without oversight from security teams. This creates friction, uncertainty and doubt for security teams that are being pressured to support broad service mesh deployments.

This project addresses the many limitations of the embedded service mesh CAs by providing:

  • A fast, easy, and integrated source of machine identities for developers
  • Policy and oversight for security teams using Venafi
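As an added illustration, not code from the project or its author, this Go sketch shows the core of such an in-memory issuing CA: a self-signed root whose key never leaves process memory, a hypothetical Policy type standing in for the issuing policy that would be fetched from Venafi, and issuance of short-lived workload certificates that is refused whenever a request falls outside that policy. All names, the suffix values and the function signatures are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)
// Policy stands in for the issuing policy the project pulls from Venafi (hypothetical type).
type Policy struct {
	AllowedSuffix string        // workload DNS names must end with this
	MaxValidity   time.Duration // upper bound on an ephemeral leaf lifetime
}
// signed creates a certificate from tmpl under parent/key and parses it back.
func signed(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, key ed25519.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
// NewSelfSignedRoot is the self-signed root mode; the key only ever lives in process memory.
func NewSelfSignedRoot() (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "mesh-root"}, IsCA: true, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour), KeyUsage: x509.KeyUsageCertSign,
	}
	cert, err := signed(tmpl, tmpl, pub, key)
	return cert, key, err
}
// IssueWorkloadCert signs an ephemeral mTLS leaf for dnsName only after the request passes policy.
func IssueWorkloadCert(ca *x509.Certificate, key ed25519.PrivateKey, p Policy, dnsName string, ttl time.Duration, pub ed25519.PublicKey) (*x509.Certificate, error) {
	if !strings.HasSuffix(dnsName, p.AllowedSuffix) || ttl <= 0 || ttl > p.MaxValidity {
		return nil, fmt.Errorf("policy: %q with ttl %s is outside the issuing policy", dnsName, ttl)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), DNSNames: []string{dnsName}, // demo serial; use a random 128-bit serial in production
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(ttl), KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	return signed(tmpl, ca, pub, key)
}
```

In the Venafi-backed mode the root returned by NewSelfSignedRoot would instead be the issuing certificate and key retrieved with vCert, and Policy would be populated from the Venafi policy rather than constructed inline.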