How we got there

While working on a project to eliminate static secrets and credentials at Grafana Labs, we came across OIDC and what is offered in Google Cloud Platform (the CSP we use) and in GitHub Actions (see here for reference). I won’t go into many details here since you can find the whole presentation below, but what made us apply to SRECon was the simplicity of the framework we built for other teams. While Iain Lane and I were looking at it when the project was more or less finished, we thought that it would be a good idea to share it with other fellow engineers and enthusiasts. And what’s better than sharing our ideas and implementations at SRECon?

The conference

SRECon 2024 took place in Dublin and was a blast. The event featured many experienced professionals with impressive backgrounds, as well as numerous enthusiasts. I also had the pleasure of meeting attendees and speakers from both small and large Greek companies, which made me smile! The venue was fantastic—one of those places I had always wondered about (having been to Dublin twice before SRECon) but never explored. The conference included many interesting talks, great conversations, and a lot of booth duty, during which I had many fruitful discussions and got to talk about new Grafana features!

What I learned

While preparing for the presentation and looking at the slides Iain and I made, I became more confident that this talk can actually help people do things differently. I noticed that many people on the web had similar issues and that there wasn’t anything quite like what we built. As we mention at the beginning of the presentation, this is not entirely new stuff, but we believe our approach is valuable and worth sharing with others.

Since I was also doing some booth duties during the conference, I had the privilege to talk with many people and exchange ideas on how to improve our approach even more. OSS may be in our DNA (stole that from the presentation and from Grafana Labs’s principles) but it’s not always obvious that something you do to solve a problem can be beneficial to others if shared. We received lots of appreciation posts and many in-person “thank you” messages due to being open and sharing our work publicly. One of the things that became even clearer to me (also after working with Iain, who’s a huge fan of open-source projects) is that at the end of every project, we have to consider if other people can benefit from something we’ve built and, if so, start thinking about how to make it open-source and share it with others.

The presentation

Next steps

We are actively making improvements to this framework. We want to expand it and start thinking about how to use it with other CSPs or even start using Direct Workflow Identity Federation. Also, we aim not to stop talking about secretless access to resources, since we really believe that something like this can make the application’s world more secure!

Thanks Iain!

At this point I want to thank my colleague Iain (LinkedIn profile above!) for being there for me, helping me, and preparing the majority of the presentation. I also want to thank him for being a great mentor and supporting me in my new Staff Engineer role. Iain is someone who cares about the way that teams work, about how people can be more productive, and about making the OSS world a better place. As he is someone to look up to, I hope we continue working together and make each other better - first and foremost - people and then engineers! Cheers mate!