Marc Boorshtein, CTO of Tremolo Security, explains why long-lived kubeconfig certificates are an anti-pattern, how OIDC and impersonation deliver revocable cluster access, and how workflow identity via OIDC JWTs replaces static service account tokens in CI/CD pipelines.
