Published On Jan 21, 2024
This is the talk I gave at DevOps Exchange Toronto, named
"What's OIDC and why should you use it ASAP in your GitHub pipeline?"
Did you know that 10 million secrets were public in GitHub in 2022 alone? Leaked secrets rhyme with financial and reputation loss.
Don't make it easy for hacker bros!
In this presentation I share insights on how to Go SecretLess With OpenID Connect & Workload Identity Federation!
Because #OAuth terminology can be super confusing, I decided to tell the whole story of Authentication standards, from Myspace days till now.
Here are the topics discussed:
- Popular Authentications to Cloud (Why is it wrong?)
- OAuth Origins
- OAuth 2.0 terminology
- OAuth 2.0 workflow
- What is OIDC?
- OIDC vs. OAuth 2.0
- OIDC Authentication flow
- OIDC in GitHub Actions
- MultiCloud keyless access examples (Azure/AWS/GCP)
For the blog version, check it out here: https://bit.ly/3KhB308
#OAuth #OIDC #GitHubActions #CICD #DevOps #BestPractice #Pipeline #WorkloadIdentityFederation