About authentication¶

Connection for Next-Gen Trust Security authenticates to Next-Gen Trust Security using a Built-In Account. This method uses private key JSON Web Token (JWT) authentication with Open Authorization (OAuth) token exchange, so you don't need to manage or rotate long-lived credentials.

How it works¶

You or a platform administrator create a Built-In Account with the cert-manager Enterprise Issuer scope in Next-Gen Trust Security. This generates a private key which Connection resource uses to sign short-lived JWT tokens and exchange them for OAuth bearer tokens.

Setup is one time per cluster, after which token generation and renewal happen automatically.

What's next?¶

To connect Connection resource to Next-Gen Trust Security, complete the steps in Authenticate with a Built-In Account.