From Bespoke To Bulletproof: SPIFFE/SPIRE With ESO for Enterprise Zero Trust - May Large & Ivy Alkhaz, State Farm
Abstract
At State Farm, securing microservices across multi-cluster Kubernetes environments demanded a robust zero-trust architecture. Our initial “bespoke” SPIFFE/SPIRE deployment provided workload identities but faltered under scale. To achieve enterprise-grade resilience, we transitioned to a highly available nested SPIRE architecture, enabling seamless integration with ESO (External Secrets Operator) for secure secret retrieval. This talk shares our journey, from debugging 500 errors in ESO’s webhook-based SecretStore to scaling SPIRE agents. We’ll detail how we configured nested SPIRE for HA, integrated SPIFFE SVIDs with ESO’s webhook authentication, and automated secret rotation to eliminate credential leaks. Attendees will learn the steps for deploying nested SPIRE and for troubleshooting common issues such as attestation failures. We’ll share lessons from our bespoke-to-bulletproof evolution. Whether you’re adopting SPIRE or optimizing an existing setup, this talk offers a blueprint for building scalable, secure zero-trust systems in Kubernetes.
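The SVID-based webhook authentication mentioned in the abstract hinges on one check on the receiving side: the secret endpoint must validate the caller's SPIFFE ID (the URI SAN of its X.509-SVID, presented over mTLS) and map it to the secrets that workload is allowed to fetch. The following is an added example, not code from the talk or from State Farm, SPIRE or ESO. It implements the SPIFFE ID syntax rules from the SPIFFE specification in stdlib Python and a constructed allowlist; the trust domain `example.org`, the workload paths and the secret names are made-up sample values, and it assumes the caller has already verified the client certificate and extracted its URI SANs.

```python
"""SPIFFE ID validation plus a per-workload secret allowlist for an SVID-authenticated
secret webhook (added example; trust domain and workload paths are constructed)."""
import re

# SPIFFE spec: trust domain is lowercase letters, digits, dots, dashes, underscores;
# path segments allow the same set plus uppercase, and must not be "", "." or "..".
TRUST_DOMAIN_RE = re.compile(r"^[a-z0-9._-]+$")
PATH_SEGMENT_RE = re.compile(r"^[A-Za-z0-9._-]+$")
MAX_SPIFFE_ID_LEN = 2048


def parse_spiffe_id(spiffe_id: str) -> tuple[str, str]:
    """Validate a SPIFFE ID and return (trust_domain, path).

    Raises ValueError for anything that is not a well-formed SPIFFE ID, so a
    malformed or look-alike identity can never match an allowlist entry.
    """
    if len(spiffe_id) > MAX_SPIFFE_ID_LEN:
        raise ValueError("SPIFFE ID exceeds maximum length")
    if not spiffe_id.startswith("spiffe://"):
        raise ValueError("SPIFFE ID must use the spiffe:// scheme")
    rest = spiffe_id[len("spiffe://"):]
    trust_domain, slash, path = rest.partition("/")
    # Regex also rejects '@', ':' (ports), '?' and '#', which the spec forbids.
    if not trust_domain or not TRUST_DOMAIN_RE.match(trust_domain):
        raise ValueError("invalid trust domain")
    if slash:
        # A trailing slash ("spiffe://td/") or an empty segment ("a//b") is invalid.
        for segment in path.split("/"):
            if segment in ("", ".", ".."):
                raise ValueError("invalid path segment")
            if not PATH_SEGMENT_RE.match(segment):
                raise ValueError("illegal character in path segment")
        return trust_domain, "/" + path
    return trust_domain, ""


# Constructed allowlist: which workload identity may retrieve which secret keys.
ALLOWLIST: dict[str, frozenset[str]] = {
    "spiffe://example.org/ns/payments/sa/api": frozenset({"db-password", "api-key"}),
    "spiffe://example.org/ns/billing/sa/worker": frozenset({"queue-token"}),
}


def authorize(uri_sans: list[str], expected_trust_domain: str, secret_key: str) -> bool:
    """Decide whether the mTLS client may fetch `secret_key`.

    `uri_sans` are the URI SANs taken from the already-verified client certificate.
    An X.509-SVID carries exactly one SPIFFE ID, so any other count is rejected.
    """
    if len(uri_sans) != 1:
        return False
    spiffe_id = uri_sans[0]
    try:
        trust_domain, _path = parse_spiffe_id(spiffe_id)
    except ValueError:
        return False
    # Identities from a foreign trust domain never reach the allowlist lookup.
    if trust_domain != expected_trust_domain:
        return False
    return secret_key in ALLOWLIST.get(spiffe_id, frozenset())


if __name__ == "__main__":
    good = ["spiffe://example.org/ns/payments/sa/api"]
    print(authorize(good, "example.org", "db-password"))   # True
    print(authorize(good, "example.org", "queue-token"))   # False: not granted
    print(authorize(["spiffe://evil.org/ns/payments/sa/api"], "example.org", "db-password"))  # False
```

The allowlist lookup uses the exact, validated SPIFFE ID as the key rather than a prefix or substring match, which is what prevents a workload in one namespace from impersonating another by choosing a similar path. The same structure applies whatever the secret backend behind the webhook is; only the allowlist contents change.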