Thalassa Cloud Thalassa Cloud
Sign in Sign up

Bootstrap workload identity with tcloud. GitHub, GitLab, and Kubernetes

security iam
2026-03-24
By Thalassa Cloud

We want to eliminate static secrets wherever it is practical. Long-lived tokens in Git variables, copied into Terraform backends, or baked into cluster manifests rot slowly, leak easily, and rarely map cleanly to who actually called the API. Workload identity federation is a better default: a platform OIDC identity proves this pipeline or this service account ran the job, and Thalassa issues short-lived access in exchange. The tcloud iam workload-identity-federation bootstrap command is one piece of that puzzle.

Read article

Latest Posts

Bootstrap workload identity with tcloud. GitHub, GitLab, and Kubernetes

2026-03-24
We want to eliminate static secrets wherever it is practical. Long-lived tokens in Git variables, copied into Terraform backends, or baked into cluster manifests rot slowly, leak easily, and rarely map cleanly to who actually called the API. Workload identity federation is a better default: a platform OIDC identity proves this pipeline or this service account ran the job, and Thalassa issues short-lived access in exchange. The tcloud iam workload-identity-federation bootstrap command is one piece of that puzzle.

Introducing Service Accounts in Thalassa Cloud

2025-10-10
Service accounts are non‑human identities designed for automated systems, applications, and integrations. In Thalassa Cloud, they are organisation‑level principals with their own roles and one or more access credentials. Use them for CI/CD pipelines, controllers, monitoring, provisioning, or any workload that needs programmatic access. Service accounts separate machine access from human users, enabling least‑privilege policies, independent credential rotation, and clean audit trails. Each service account can hold multiple credentials, so you can rotate keys with zero downtime.

Creating an organisation on the Thalassa Cloud Platform

2025-05-26
The Thalassa Cloud Platform gives you full control over your cloud infrastructure, running in your own datacenter or hosted environment. It combines the flexibility of public cloud APIs with the control of private infrastructure. Before you can start deploying workloads, you need to create an organisation. This is the main structure for managing your cloud environment, users, quotas, and billing. In this blog post, we’ll guide you through the full process.