Identity and Platform Access
Section focus: Identity and Platform Access.
Best use: start with the section map below, then move into the deeper pages that match your role or stack.
Design note: this index was refreshed to act as a cleaner GitBook landing page instead of a plain directory listing.
Start with these pages
| Page | Why open it first |
|---|---|
| Workload Federation and Non-Human Identities | High-value page inside Identity and Platform Access. |
| GitHub, GitLab, and Cloud Trust Patterns | High-value page inside Identity and Platform Access. |
| JIT, PAM, Break-Glass, and Admin Access | High-value page inside Identity and Platform Access. |
| Keycloak: Foundations, Installation, and Integrations | High-value page inside Identity and Platform Access. |
| mTLS and Service Identity Deep Dive | High-value page inside Identity and Platform Access. |
Intro: Identity is the shortest path from minor software flaw to major business impact. This section covers the parts of identity that engineering teams repeatedly misuse: non-human identities, federation, CI trust, and privileged access for operators.
What this page includes
- workload federation and non-human identities
- GitHub and GitLab OIDC trust patterns
- just-in-time access and break-glass design
- service-account and machine-identity review checklists
Figure: pipeline identity to federated trust to cloud access.
Section map
| Page | Why it belongs here |
|---|---|
| Workload Federation and Non-Human Identities | Explains how to stop distributing static cloud credentials. |
| GitHub, GitLab, and Cloud Trust Patterns | Connects platform identities to actual deployment risk. |
| JIT, PAM, Break-Glass, and Admin Access | Covers stronger operator access and emergency access design. |
| Keycloak: Foundations, Installation, and Integrations | Explains how to treat Keycloak as an identity platform, not just a login screen. |
| mTLS and Service Identity Deep Dive | Connects workload identity, trust domains, rotation ownership, and service authorization. |
Control bias
Prefer short-lived credentials and explicit trust conditions over convenience secrets.
Suggested reference links
- GitHub OIDC
- GitLab OIDC and cloud services
- Managed identities for Azure resources
- Workload Identity Federation for GKE
Author attribution: Ivan Piskunov, 2026 - Educational and defensive-engineering use.