Machine Identity
Also known as: Workload identity, Non-human identity
Definition
The cryptographic identity of a non-human entity — workload, device, container, or API client — used to authenticate and establish trust with other systems.
Examples
- A SPIFFE ID issued to a Kubernetes workload to authenticate calls between microservices via mTLS.
- An automated certificate issued by AWS Private CA to an IoT device for mutual TLS authentication.
Related terms
Service Account
A non-human identity used by an application, script, or service to authenticate to other systems, typically without interactive login.
Credential Vault
Credential Vault — definition coming soon.
Public Key Infrastructure (PKI)
The combined system of policies, software, hardware and trusted authorities used to issue, distribute, validate and revoke digital certificates that bind identities to public keys.
Mutual TLS (mTLS)
An extension of TLS in which both the client and the server present X.509 certificates so that each side cryptographically authenticates the other.
Identity and Access Management (IAM)
A discipline and set of technologies for defining digital identities and controlling which resources each identity may access under which conditions.
Principle of Least Privilege
A security principle that grants every user, process, or service only the minimum privileges strictly required to perform its function — no more.