Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
GitHub as an Authenticator
Search
Shimpei Otsubo
June 12, 2018
Technology
750
3
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
GitHub as an Authenticator
Shimpei Otsubo
June 12, 2018
More Decks by Shimpei Otsubo
See All by Shimpei Otsubo
Copy Kubernetes Clusters Really Fast
potsbo
3
5.2k
Go と Wantedly の関係 / How Wantedly uses Go
potsbo
1
920
Deploy Flow at Wantedly
potsbo
2
1.1k
Wrap every method with just one line
potsbo
1
5.6k
Zero yen Keyboard
potsbo
6
3.3k
Kube - The core tool at Wantedly
potsbo
1
8.3k
k8s - Kubernetes 8 Factors
potsbo
12
11k
コンテンツ作成に集中するためのプレゼンテーション Tips / Presentation with Confidence
potsbo
7
42k
ConfigMap vs Secret #k8sjp
potsbo
1
1.5k
Other Decks in Technology
See All in Technology
5分でわかる Amazon Connect_20260608
hwangbyeonghun
0
180
認証認可だけじゃない! ID管理の構成要素と ライフサイクルを意識しよう
ritou
1
460
從觀望到全公司落地:AI Agentic Coding 導入實戰 — 流程整合與安全治理
appleboy
1
730
Keeping applications secure by evolving OAuth 2.0 and OpenID Connect
ahus1
PRO
1
140
#エンジニアBooks 30分でわかる 「技術記事を書く技術」 / engineer-books 2026-06-30
jnchito
1
180
AI駆動開発におけるQAエンジニアの役割事例 〜AI駆動開発の現場から〜
kobayashiyorimitsu
0
300
ループエンジニアリングでE2Eテストを実践
noriyukitakei
0
250
しぶいSRE: サーバから見えない障害にどう向き合うか。ラストワンマイルのデバッグ実践 / Shibui SRE
kanny
0
550
アラート調査向けAIエージェントの本番導入とその後/AI Agents for Alert Investigation: Production Deployment and After
taddy_919
1
360
Docker Desktop不要の時代が来る? WSL標準の「wslc」で Linuxコンテナを動かしてみた.
ueponx
0
640
CVE-2026-20833_脆弱性対応とAES 化について
jukishiya
0
350
【FinOps】データドリブンな意思決定を目指して
z63d
3
600
Featured
See All Featured
My Coaching Mixtape
mlcsv
0
170
Lessons Learnt from Crawling 1000+ Websites
charlesmeaden
PRO
1
1.3k
Paper Plane
katiecoart
PRO
1
52k
Darren the Foodie - Storyboard
khoart
PRO
3
3.4k
Become a Pro
speakerdeck
PRO
31
6k
Navigating Team Friction
lara
192
16k
The Illustrated Guide to Node.js - THAT Conference 2024
reverentgeek
1
400
sira's awesome portfolio website redesign presentation
elsirapls
0
290
The Power of CSS Pseudo Elements
geoffreycrofte
82
6.3k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
23k
A Tale of Four Properties
chriscoyier
163
24k
[SF Ruby Conf 2025] Rails X
palkan
2
1.1k
Transcript
©2018 Wantedly, Inc. GitHub as an Authenticator શ෦ GitHub Ͱཧͯ͠ΈΔ
GitHub Satellite Tokyo LT 12.Jun.2018 - Shimpei Otsubo - @potsbo
©2018 Wantedly, Inc. ࣾһ໊Ͳ͏ͯ͠·͔͢ʁ ݖݶཧͲ͏ͯ͠·͔͢ʁ ใڞ༗Ͳ͏ͯ͠·͔͢ʁ
©2018 Wantedly, Inc. શ෦GitHub ࣾһ໊Ͳ͏ͯ͠·͔͢ʁ ݖݶཧͲ͏ͯ͠·͔͢ʁ ใڞ༗Ͳ͏ͯ͠·͔͢ʁ
©2018 Wantedly, Inc. GitHub ๏ ࣾͳΜͰ(JU)VC (JU)VCΛͬͯ๏ίϛϡχέʔγϣϯͷεϐʔυΛഒʹͨ͠ ใڞ༗͜͏ͯ͠·͢ IUUQTXXXXBOUFEMZDPNDPNQBOJFTXBOUFEMZQPTU@BSUJDMFT ʮJTTVFͭͬͨ͘ʁʯ
ίʔυϨϏϡʔهٞேձඪ݁Ռʜ ࣾશһ(JU)VC ೖࣾϑϩʔ(JU)VCΞΧϯτͷ࡞͔Β
©2018 Wantedly, Inc. ৫্ͷνʔϜͱ(JU)VCͷνʔϜ͕ରԠ infrastructure full-time-employee visit people short-term-intern long-term-intern
engineers ଐੑཧ ৫ߏ ruby … … ࣾһ໊͜͏ͯ͠·͢
©2018 Wantedly, Inc. (JU)VC5FBNΛϕʔεʹೝՄ )3ͷϑϩʔʹΔ͚ͩͰྑ͍ ݖݶͷ֎͠Ε͕ͳ͍ e.g. full-time-employee => ok
org ͔Β֎ͤࣗಈతʹશݖݶΛ revoke Ͱ͖Δ HR ͷೖୀࣾϑϩʔͰେମok ݖݶཧ͜͏ͯ͠·͢
©2018 Wantedly, Inc. ssh Results K public key ಛఆͷνʔϜͷਓ͚ͩTTIΛڐՄ͍ͨ͠ kenmon
ssh Production Results K enmon ݕ ಛఆteam ʹೖ͍ͬͯΔͱ production access ͷ ssh ΛڐՄ SSH Proxy with GitHub Private Keys by wantedly
©2018 Wantedly, Inc. એݴ͞Εͨ6TFSOBNFͷެ։伴ͰϩάΠϯ ಛఆͷ5FBNॴଐ͔Λ͔֬ΊΔ తͷ4FSWFSͷ44)ΛڐՄ ಛఆͷνʔϜͷਓ͚ͩTTIΛڐՄ͍ͨ͠
ssh Results K public key kenmon ssh Production Results
©2018 Wantedly, Inc. Team ͝ͱʹҟͳΔk8sͷૢ࡞ΛڐՄ͍ͨ͠ G Token Token Teams Groups
RBAC!! genmon TokenReview G enmon ݳ ֤ team ʹରͯ͠ దͳݖݶΛ༩ by wantedly Webhook token authenticator for Kubernetes Results Token
©2018 Wantedly, Inc. %BFNPO4FUͰ֤NBTUFSʹHFONPO͕ଘࡏ 8FCIPPL"VUIFOUJDBUJPOͰHFONPO 5FBN(SPVQͱͯ͠ѻ͍3#"$ https://github.com/appscode/guard
https://github.com/oursky/kubernetes-github-authn ࢀߟ࣮ https://kubernetes.io/docs/admin/authentication/#webhook-token-authentication Role Based Access Control Team ͝ͱʹҟͳΔk8sͷૢ࡞ΛڐՄ͍ͨ͠ G Token Token Teams Groups RBAC!! genmon TokenReview Results Token
©2018 Wantedly, Inc. K enmon ݕ ಛఆteam ʹೖ͍ͬͯΔͱ production access
ͷ ssh ΛڐՄ G enmon ݳ ֤ team ʹରͯ͠ దͳݖݶΛ༩ by wantedly SSH Proxy with GitHub Private Keys Webhook token authenticator for Kubernetes by wantedly
©2018 Wantedly, Inc. ࣾશһGitHubʹೖΕͪΌ͓͏ GitHubΛೝূαʔϏεͱ͓ͯ͠͏ ৫ߏͱTeamߏΛ߹ΘͤΑ͏ Summary