by n42 1214 days ago
Yeah, you do, but you compartmentalize that with your orchestration (hence strong ops). With HashiCorp Nomad, for example, you might set up a parameterized job. When Nomad receives a job to do X for customer Y, it allocates a container with a short-lived token. Nomad is the system with the longer-living token that lets it generate short-lived tokens for short-lived workloads, that are themselves containerized to add a layer of security for a compromise. And so on.

Abstract that a little bit; the system that generates the short-lived token ideally would not be the same as the system that is using it.

Turtles all the way down
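
The split described in the comment above, as an added example that is not code from the commenter or from Nomad: an issuer holding a long-lived key mints a token bound to one customer, one action and a short TTL, and the resource checks that binding on every request. The function names, the HMAC token format and the key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed long-lived secret: held by the orchestrator (issuer) and by the
# resource that checks tokens, never handed to a workload.
ISSUER_KEY = b"constructed-demo-key-not-a-real-secret"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def mint_token(key, customer, action, ttl_s, now=None):
    """Issuer side: one token for one customer, one action, one TTL."""
    now = time.time() if now is None else now
    claims = {"customer": customer, "action": action, "exp": now + ttl_s}
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)

def check_token(key, token, customer, action, now=None):
    """Resource side: return (allowed, reason) for a request using the token."""
    now = time.time() if now is None else now
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong number of parts or bad base64
        return False, "malformed"
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False, "bad signature"
    claims = json.loads(body)  # parsed only after the tag has verified
    if now >= claims["exp"]:
        return False, "expired"
    if claims["customer"] != customer or claims["action"] != action:
        return False, "out of scope"
    return True, "ok"

if __name__ == "__main__":
    t0 = 1_000_000.0  # constructed clock value
    tok = mint_token(ISSUER_KEY, "customer-y", "do-x", ttl_s=300, now=t0)
    print(check_token(ISSUER_KEY, tok, "customer-y", "do-x", now=t0 + 60))
    print(check_token(ISSUER_KEY, tok, "customer-z", "do-x", now=t0 + 60))
    print(check_token(ISSUER_KEY, tok, "customer-y", "do-x", now=t0 + 301))
```

A workload that leaks this token exposes one customer's action for at most the TTL; the key that can mint tokens for every customer stays with the issuer.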