Zero Trust at Shopify Scale: Automating MTLS Across Thousands of Serv... Dani Santos & Michelle Mali
Dani Santos, Michelle Mali
KubeCon + CloudNativeCon Europe 2025 · Session
In this insightful talk, Dani Santos and Michelle Mali pull back the curtain on Shopify's extensive journey to implement **mutual TLS (MTLS)** at an unprecedented scale. Addressing an audience at KubeCon EU, the speakers delve into the complexities of securing internal service-to-service communication across an infrastructure comprising millions of pods, thousands of nodes, and hundreds of Kubernetes clusters. The presentation emphasizes the foundational role of **Zero Trust** principles in modern security architectures, highlighting how Shopify has embraced these tenets to fortify its vast and dynamic environment.
AI review
This talk delivers a brutally honest and deeply technical account of Shopify's journey to implement automated mutual TLS (MTLS) at an unprecedented scale, encompassing millions of pods and thousands of services. The speakers meticulously detail their pragmatic architectural decisions, including leveraging SPIFFE with Google Cloud CA Service, developing bespoke tooling for certificate management, and opting for Kubernetes-native Ingress NGINX over service meshes to balance security with operational efficiency. It's a masterclass in real-world Zero Trust implementation, devoid of hype and rich…