Loading…
In-person
1-4 April 2025
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in British Summer Time (BST) (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
← Back to schedule
Zero Trust at Shopify Scale: Automating MTLS Across Thousands of Services - Dani Santos & Michelle Mali, Shopify
Friday April 4, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance N10 | Room H
Certificate management at scale presents critical challenges for securing service-to-service communication in zero trust architectures. We will demonstrate how Shopify automates mTLS across thousands of services, addressing certificate rotation without interruption, renewal failures, and cross-cluster distribution. Drawing from production experience, we'll explore our evolution from custom admission controllers to versatile patterns working across Kubernetes and non-Kubernetes environments, including mounting CA certificates at container startup with periodic Cronjob renewals. We'll share code examples for resilient rotation mechanisms, graceful certificate rollover, and RBAC. Attendees will learn practical patterns for scaling mTLS, with examples of monitoring certificate lifecycles and troubleshooting common failure modes.
Speakers
avatar for Michelle Mali

Michelle Mali

Infrastructure Security Engineer, Shopify
Michelle Mali is an Infrastructure Security Engineer at Shopify, specializing in securing cloud-native environments. With experience in Kubernetes and container security, they hold the Certified Kubernetes Application Developer (CKAD) and Certified Kubernetes Administrator (CKA) certifications... Read More →
avatar for Dani Santos

Dani Santos

Senior Infrastructure Security Engineer, Shopify
Dani Santos is a Senior InfraSec Engineer at Shopify, focusing on service identity and PKI infrastructure at scale in cloud-native environments. She's involved in certificate management initiatives across Shopify's internal services, developing solutions for automated mTLS flows... Read More →
Friday April 4, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance N10 | Room H
  Security

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Share Modal

Share this link via

Or copy link