
What is workload identity federation?

Workload identity federation (WIF) allows your applications to authenticate securely with cloud services without having to manage and protect long-lived credentials (such as passwords or API keys). Instead, it uses short-lived tokens obtained from a trusted Identity Provider (IdP): your application proves its identity to the IdP and receives a token, which it then presents to access other services.

This method increases security by minimizing the risk associated with stolen credentials and reduces the management overhead typically associated with handling secrets.

In the context of Venafi products, WIF allows you to access Venafi Control Plane-protected resources without needing to manage secrets.

Here's how it works:

[Diagram: workflow when using workload identity federation via a custom API integration service account]
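As an added example (not Venafi's own code), this is the trust check a relying party runs on a federated token before honoring it: the token must come from the configured IdP, be addressed to this service, carry the subject bound to the service account, and be short-lived. It assumes the JWS signature has already been verified against the IdP's published keys; the `FederationTrust` field names and the issuer, audience and subject values are constructed for the demo.

```python
import base64
import json
from dataclasses import dataclass
from typing import List

@dataclass(frozen=True)
class FederationTrust:  # relying-party policy for one service account (illustrative fields)
    issuer: str                 # IdP that must have minted the token
    audience: str               # service the token must be addressed to
    subject: str                # workload identity bound to this account
    max_lifetime_s: int = 3600  # reject tokens minted with a longer validity

def claims_from_jwt(token: str) -> dict:
    """Payload of a compact JWS. Assumes the signature was ALREADY verified
    against the IdP's published keys; before that, the claims are untrusted."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def evaluate_trust(claims: dict, trust: FederationTrust, now: int) -> List[str]:
    """Return every policy violation found; an empty list means accept."""
    errors = []
    if claims.get("iss") != trust.issuer:
        errors.append("issuer mismatch")
    aud = claims.get("aud", [])
    if trust.audience not in ([aud] if isinstance(aud, str) else aud):
        errors.append("audience mismatch")  # token was minted for another service
    if claims.get("sub") != trust.subject:
        errors.append("subject not bound to this service account")
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, int) or exp <= now:
        errors.append("token expired or missing exp")
    if not isinstance(iat, int) or iat > now + 60:  # 60 s clock-skew allowance
        errors.append("iat missing or in the future")
    if isinstance(exp, int) and isinstance(iat, int) and exp - iat > trust.max_lifetime_s:
        errors.append("token lifetime exceeds policy")
    return errors

def make_demo_jwt(claims: dict) -> str:  # UNSIGNED compact token, for this demo only
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return enc({"alg": "RS256", "typ": "JWT"}) + "." + enc(claims) + ".signature-placeholder"

# Constructed policy and claims; a real subject is whatever the workload's IdP asserts.
TRUST = FederationTrust(issuer="https://idp.example.com", audience="venafi-control-plane",
                        subject="system:serviceaccount:prod:cert-renewer")
NOW = 1_700_000_000
GOOD_CLAIMS = {"iss": TRUST.issuer, "aud": TRUST.audience, "sub": TRUST.subject,
               "iat": NOW - 60, "exp": NOW + 540}  # ten-minute token, well under policy
```

Each check rejects a distinct misuse: a token replayed against a different service fails the audience check, a token from another workload of the same IdP fails the subject check, and a token minted with a long validity fails the lifetime check even while unexpired.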
