Zero Trust at Shopify Scale: Automating MTLS Across Thousands of Services - Dani Santos & Michelle Mali, Shopify

less than 1 minute read

Abstract

Certificate management at scale presents critical challenges for securing service-to-service communication in zero trust architectures. We will demonstrate how Shopify automates mTLS across thousands of services, addressing certificate rotation without interruption, renewal failures, and cross-cluster distribution. Drawing from production experience, we’ll explore our evolution from custom admission controllers to versatile patterns working across Kubernetes and non-Kubernetes environments, including mounting CA certificates at container startup with periodic Cronjob renewals. We’ll share code examples for resilient rotation mechanisms, graceful certificate rollover, and RBAC. Attendees will learn practical patterns for scaling mTLS, with examples of monitoring certificate lifecycles and troubleshooting common failure modes.

Sched URL

Video

Share on

X Facebook LinkedIn Bluesky

About

Conferences

Zero Trust at Shopify Scale: Automating MTLS Across Thousands of Services - Dani Santos & Michelle Mali, Shopify

Abstract

Video

Share on

You May Also Enjoy

Why Don’t We Have Both? Track Build- and Run-time Information for Security With Kubescape and GUAC - Jeff Mendoza, Kusari & Ben Hirschberg, ARMO

From Chaos To Control: Migrating Access Control To OpenFGA in a Multi-Tenant World - Jo Guerreiro, Grafana Labs & Poovamraj Thanganadar Thiagarajan, Okta

Fresh Secrets From the Docks: Lessons Learnt From Analyzing 180,000 Public DockerHub Images - Guillaume Valadon, GitGuardian

Enhancing Software Composition Analysis Resilience Against Container Image Obfuscation - Agathe Blaise, Thales & Jacopo Bufalino, CNAM