This session shares real world lessons learnt and gaps identified from using SPIFFE, OAuth 2.0, and mTLS to automate identity lifecycle management, OAuth client registration, sender-constrain tokens and eradicate secrets.