Decoupling Identity from Access: Credential Broker Patterns for Secure CI/CD

Source: arXiv
English abstract

Credential brokers offer a way to separate identity from access in CI/CD systems. This paper shows how verifiable identities issued at runtime, such as those from SPIFFE, can be used with brokers to enable short-lived, policy-driven credentials for pipelines and workloads. We walk through practical design patterns, including brokers that issue tokens just in time, apply access policies, and operate across trust domains. These ideas help reduce static permissions, improve auditability, and support Zero Trust goals in deployment workflows. This is the second paper in a three-part series on secure CI/CD identity architecture.

Surya Teja Avirneni

Computing technology, computer technology

Surya Teja Avirneni. Decoupling Identity from Access: Credential Broker Patterns for Secure CI/CD[EB/OL]. (2025-04-20)[2025-05-17]. https://arxiv.org/abs/2504.14761.
