Since launching in 2009, Uber has become the poster child for explosive growth - in revenue, headcount, and operational complexity. This growth has created new challenges for Uber’s engineering team and the services they maintain. How can these services reliably identify and authenticate to each other? How can we ensure isolation for critical systems? How can we achieve compliance with regulations like GDPR and SOX? How can we efficiently incorporate identity into unsupported legacy systems? Most importantly, how can we do all of this in a way that doesn’t get in the way of engineers?This talk will explore what led Uber to build out an automated, API-driven, cloud native approach to workload identity with SPIFFE that provides the critical bridge of trust within Uber’s next-gen infrastructure, and the impact it’s had on Uber’s internal security and developer efficiency.