Workload Identity for Humans: A Twelve-Factor Approach - Vish Abrams, Heroku

Vish Abrams, Heroku

KubeCon + CloudNativeCon Europe 2025 · Session

In this KubeCon EU talk, Vish Abrams, Chief Architect at Heroku, addresses a pervasive and costly security challenge in modern application development: the management of workload identities and secrets. The presentation, titled "Workload Identity for Humans: A Twelve-Factor Approach," argues for a fundamental shift away from the traditional practice of embedding long-lived secrets in application configuration. Abrams proposes a standardized, platform-managed system for generating and distributing **short-lived**, **connection-scoped** credentials, drawing on and aiming to extend the principles of the 12-Factor App manifesto.

AI review

Abrams presents a foundational shift in how applications manage identity and secrets, moving from error-prone, long-lived credentials to a platform-managed, short-lived, connection-scoped, and standardized approach. Extending the 12-Factor App, he outlines a pragmatic path using OIDC, proxying, and a clever `factor CLI` polyfill to tackle a "little bit hard" problem that plagues nearly every organization. This isn't just theory; it's a blueprint for significantly improving application security and operational efficiency, making it a critical talk for anyone tired of dealing with leaked…
