workload-identity
Safeguard articles tagged "workload-identity" — guides, analysis, and best practices for software supply chain and application security.
6 articles
Azure DevOps Pipeline Supply Chain Hardening 2026
A 2026 hardening guide for Azure DevOps Pipelines: service connections, workload identity federation, approval gates, agent isolation, and SLSA integration.
SPIFFE/SPIRE identity
What is SPIFFE/SPIRE? A plain-language breakdown of the SPIFFE identity framework, SPIRE workload identity, SVIDs, and how it compares to plain mTLS.
SVID (SPIFFE Verifiable Identity Document)
An SVID (SPIFFE Verifiable Identity Document) is a cryptographic identity for software workloads. Learn what an SVID is, its X.509 and JWT formats, and how it works.
GCP Cloud Build + Workload Identity Federation
Workload Identity Federation is the right way to give Cloud Build and external CI access to GCP. Here is the architecture, the traps, and the rollout plan.
Hardening Google Kubernetes Engine clusters against attacks
A step-by-step guide to GKE security best practices: private clusters, Workload Identity, Shielded Nodes, Binary Authorization, and verification checks for real audits.
What is Secretless Authentication in CI/CD
Secretless authentication replaces stored CI credentials with short-lived OIDC tokens minted per job. Here's the trust-policy plumbing, provider support, and the pitfalls.