Lessons From Migrating to SPIFFE After 10 Years of Service Identity at Square

Explore a conference talk detailing Square's migration to SPIFFE for service identity after a decade of using their own system. Learn about the migration process and ten key lessons, including managing expectations, leveraging community support, taking principled risks, ensuring backward compatibility, and balancing return on investment. Gain insights into the challenges of infrastructure ossification, changing mental models, and the impact of lower TTLs on on-call pressure. Discover why security alone isn't a compelling selling point and the importance of making migrations self-serve. Understand the value of teamwork in overcoming obstacles and implementing a seamless service identity system across multiple environments.

Intro
Origins of Service Identity at Square
The Migration Process
What We Learned
Manage Your Expectations
The Community is your superpower
Take Principled Risks
Backward Compatibility is a Must
Manage Your ROI
Security isn't a good selling point
Make Migration self-serve or DIY
Infrastructure Ossifies ; Abstractions Leak
Mental Models are hard to overcome
Lower TTL means higher on-call pressure
Teamwork Makes the Dreamwork!
Questions?