Ephemeral CA
Updated Nov. 12 2020

This Venafi Indie Devs project from developer Sigurdur Skulason provides service meshes with a fast, easy and secure source of machine identities. It enables an in-memory issuing CA to get its certificate and issuing policy from Venafi, ensuring that the machine identities used for mTLS are consistent and adhere to enterprise security policies.
Solution Overview

Kubernetes (K8s) solves the problems of container orchestration, application deployment, scaling, and management. However, it does not solve the problems of observability, traffic management, secure communications, and connectivity. Service meshes implement high-performance, low-latency, built-in Certificate Authorities (CAs), but these CAs operate without oversight from security teams. This creates friction, uncertainty, and doubt for security teams that are being pressured to support broad service mesh deployments.

This project addresses the many limitations of the embedded service mesh CAs by providing:

  • A fast, easy, and integrated source of machine identities for developers
  • Policy and oversight for security teams using Venafi