Developing applications nowadays requires access to external APIs through personal access tokens. But this brings some challenges. How is a token approved and issued? How can we make sure that it’s going to be stored in a secure way? How do we limit the scope of the token so that who owns it cannot abuse it? How are tokens transmitted across different systems?
Ford is a long time Kubernetes user and in this talk we are going to show how two recent features are allowing developers and platform engineers to manage API tokens effectively and securely. Those features are Service Account Token Volume projection (that brings some new security features compared to the default Service Account Tokens) and Workload Identity Federation (that allows linking Kubernetes Service Accounts with third party services).