# Identity and Platform Access

![Identity and Platform Access](/files/iIN5Nf0lXaVvlBeedKiI)

> **Section focus:** Identity and Platform Access.\
> **Best use:** start with the section map below, then move into the deeper pages that match your role or stack.\
> **Design note:** this index was refreshed to act as a cleaner GitBook landing page instead of a plain directory listing.

### Start with these pages

| Page                                                                                                                                                             | Why open it first                                        |
| ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------- |
| [🤖 Workload Federation and Non-Human Identities](/architecture-api-crypto-and-identity/index-2/workload-federation-and-non-human-identities.md)                 | High-value page inside **Identity and Platform Access**. |
| [🔐 GitHub, GitLab, and Cloud Trust Patterns](/architecture-api-crypto-and-identity/index-2/github-gitlab-oidc-and-cloud-trust-patterns.md)                      | High-value page inside **Identity and Platform Access**. |
| [⏱️ JIT, PAM, Break-Glass, and Admin Access](/architecture-api-crypto-and-identity/index-2/jit-pam-break-glass-and-admin-access.md)                              | High-value page inside **Identity and Platform Access**. |
| [🔐 Keycloak — Foundations, Installation, and Integrations](/architecture-api-crypto-and-identity/index-2/keycloak-foundations-installation-and-integrations.md) | High-value page inside **Identity and Platform Access**. |
| [🪪 mTLS and Service Identity Deep Dive](/architecture-api-crypto-and-identity/index-2/mtls-and-service-identity-deep-dive.md)                                   | High-value page inside **Identity and Platform Access**. |

### Related sections

* [Secure Architecture Patterns](/architecture-api-crypto-and-identity/index-1.md)
* [Data Security and Privacy Engineering](/architecture-api-crypto-and-identity/index-3.md)

***

> **Intro:** Identity is the shortest path from minor software flaw to major business impact. This section covers the parts of identity that engineering teams repeatedly misuse: non-human identities, federation, CI trust, and privileged access for operators.
>
> **What this page includes**
>
> * workload federation and non-human identities
> * GitHub and GitLab OIDC trust patterns
> * just-in-time access and break-glass design
> * service-account and machine-identity review checklists

![Workload Federation and Platform Access](/files/upZ1iXGjxrITyTo1545g)

*Figure: pipeline identity to federated trust to cloud access.*

### Section map

| Page                                                                                                                                                             | Why it belongs here                                                                       |
| ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------- |
| [🤖 Workload Federation and Non-Human Identities](/architecture-api-crypto-and-identity/index-2/workload-federation-and-non-human-identities.md)                 | Explains how to stop distributing static cloud credentials.                               |
| [🔐 GitHub, GitLab, and Cloud Trust Patterns](/architecture-api-crypto-and-identity/index-2/github-gitlab-oidc-and-cloud-trust-patterns.md)                      | Connects platform identities to actual deployment risk.                                   |
| [⏱️ JIT, PAM, Break-Glass, and Admin Access](/architecture-api-crypto-and-identity/index-2/jit-pam-break-glass-and-admin-access.md)                              | Covers stronger operator access and emergency access design.                              |
| [🔐 Keycloak — Foundations, Installation, and Integrations](/architecture-api-crypto-and-identity/index-2/keycloak-foundations-installation-and-integrations.md) | Explains how to treat Keycloak as an identity platform, not just a login screen.          |
| [🪪 mTLS and Service Identity Deep Dive](/architecture-api-crypto-and-identity/index-2/mtls-and-service-identity-deep-dive.md)                                   | Connects workload identity, trust domains, rotation ownership, and service authorization. |

### Control bias

Prefer short-lived credentials and explicit trust conditions over convenience secrets.

### Suggested reference links

* [GitHub OIDC](https://docs.github.com/en/actions/concepts/security/openid-connect)
* [GitLab OIDC and cloud services](https://docs.gitlab.com/ci/cloud_services/google_cloud/)
* [Managed identities for Azure resources](https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview)
* [Workload Identity Federation for GKE](https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity)

***

*Author attribution: Ivan Piskunov, 2026 - Educational and defensive-engineering use.*

