Learn how to use a Security Token Service (STS) and Kubernetes workload identity to securely access cloud services without long-lived credentials. This post shows how OpenUnison validates ServiceAccount tokens and issues short-lived, service-specific tokens for safer cross-environment authentication.

OpenUnison 1.0.44 adds native Headlamp support, expanded OpenID Connect features, a SCIM 2.0 gateway, and enhanced deployment security with hardened, automated TLS and streamlined namespace and identity features.

Learn how to securely authenticate Kubernetes workloads with HashiCorp Vault using short-lived tokens instead of static ServiceAccount credentials. This post explains why long-lived ServiceAccount tokens are a security risk and shows how to use JWT/OIDC-based authentication and a Kubernetes-aware STS to issue ephemeral Vault tokens, improving workload identity, least-privilege access, and secret security in Kubernetes.

Feature summary for OpenUnison 1.0.43

Notice of deprecating customized tremolo/orchestra-login-portal-argocd chart in favor of Argo CD multi source Application deployment

Enable SSO for Argo Workflows with OpenUnison, securing both login and ServiceAccount creation. Go beyond SSO to make sure that you can trace your user's from Argo to the API server.

Use your GitHub action's identity to interact with your Kubernetes clusters using OpenUnison

Use OpenUnison to authenticate external GitLab pipelines.

Learn how to securely integrate ArgoCD with remote Kubernetes clusters with short lived tokens based on ArgoCD's Kubernetes identity.

Map AWS IAM Roles to EKS using AWS' new EKS access management methods and see which access method for EKS is best for you.

Learn how a global financial institution automated authentication and multi-tenancy for their Kubernetes deployments using OpenUnison.

Tremolo Security is now publishing images to GitHub and signing them.

Use Kubernetes with Google Workspaces for authentication and to retrieve user's groups.

Securely interact with AWS APIs from your Kubernetes clusters by generating short lived tokens. Explore how you can use Kubernetes' TokenRequest API, SPIRE, or OpenUnison's Security Token Service to securely interact with AWS APIs without static keys.

Release of OpenUnison 1.0.33 with better kubernetes session management, PKCE support, and more GitLab support.

Compare multiple Kubernetes authentication options: OpenUnison, KeyCloak, Dex, and Pinniped. This post deploys each with common enterprise requirements, including manifests with step-by-step instructions for each project.

vclusters vastly simplify how to manage multitenant Kubernetes. In this post, we'll build a vclsuter as a service portal using OpenUnison.

Integrate loft vclusters with your enterprise authentication without building trusts or running custom commands.

Simplify Kubernetes authentication and sso using the ouctl utility to quickly deploy OpenUnison, integrate it with your identity provider, and onboard satellite clusters for multi-cluster SSO.

Integrate Kubernetes and AzureAD using OpenUnison to map group ids to names in RBAC, secure CLI access, and provide secure and convenient access to the Kubernetes Dashboard.

See what the NSA and CISA left out of their Kubernetes hardening guide for authentication and authorization!

Simplify security in managed clusters with Tremolo Security's updates to kube-oidc-proxy. Updated libraries and dependencies, kubectl --as support, better logging.

Use GitHub for authentication, integrating team assignments for RBAC

Use OopenUnison to integration Active Directory and Cononical's Kubernetes Distribution!