Secure Code Deployments with Policy-as-Code Enforcement in Identity-Driven Zero Trust Automation in GitOps
InfoVision Inc, TX, USA.
Review Article
World Journal of Advanced Research and Reviews, 2024, 21(03), 2711-2719
Article DOI: 10.30574/wjarr.2024.21.3.0790
Publication history:
Received on 30 January 2024; revised on 19 March 2024; accepted on 28 March 2024
Abstract:
This research presents an identity-driven Zero Trust architecture for GitOps-managed Kubernetes environments, integrating continuous authentication, least-privilege authorization, and automated policy enforcement. The proposed framework embeds policy-as-code validation using Open Policy Agent (OPA) and OIDC-based workload identity into ArgoCD pipelines to enforce explicit authorization at every stage of deployment. Evaluated across multi-cluster AWS deployments, the architecture achieved 99.7% policy compliance, 87% reduction in unauthorized access attempts, and 73% decrease in vulnerability exposure time, with only an 8% operational overhead. By eliminating long-lived credentials and integrating context-aware, short-lived tokens, it enables real-time security posture validation without impeding deployment velocity. The results confirm that Zero Trust can coexist with DevOps agility through identity-centric automation. This work contributes a scalable model for continuous verification and compliance in GitOps workflows, redefining deployment security from static perimeter defense to dynamic, context-aware trust evaluation.
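The abstract describes two gates that run together on every deployment: a short-lived OIDC workload-identity token is verified, and the manifest is checked against policy-as-code rules before Argo CD is allowed to apply it. The script below is an added example written for this page, not the paper's implementation and not OPA's or Argo CD's own code; it re-implements the policy rules in Python (in the real design they would be Rego evaluated by OPA) so that it runs stand-alone. The issuer, audience, SPIFFE-style subject, registry name, the HS256 demo signing key, the 15-minute lifetime cap and both manifests are constructed assumptions.

```python
"""Illustrative GitOps admission gate: workload-identity check + policy-as-code rules.
Added example modeled on the abstract; all names and values below are assumptions."""
import base64, hashlib, hmac, json

# Assumed trust configuration (hypothetical values).
TRUSTED_ISSUERS = {"https://oidc.example.internal"}
EXPECTED_AUDIENCE = "argocd-deployer"
ALLOWED_REGISTRIES = ("registry.example.internal/",)
MAX_TOKEN_LIFETIME = 900          # seconds; anything longer-lived is rejected
IDENTITY_NAMESPACES = {            # which identity may deploy into which namespace
    "spiffe://example.internal/ci/payments": {"payments"},
}
SHARED_KEY = b"demo-only-key"      # stands in for the IdP key; real OIDC uses RS256/ES256

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_token(claims: dict, key: bytes = SHARED_KEY) -> str:
    """Mint an HS256 JWT (demo-only issuer, so the example needs no network)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def verify_token(token: str, now: float, key: bytes = SHARED_KEY) -> dict:
    """Return verified claims or raise ValueError (signature, iss, aud, expiry, lifetime)."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":      # pin the algorithm; never let the token choose it
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    if claims.get("iss") not in TRUSTED_ISSUERS:
        raise ValueError("untrusted issuer")
    if claims.get("aud") != EXPECTED_AUDIENCE:
        raise ValueError("wrong audience")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, (int, float)) or not isinstance(exp, (int, float)):
        raise ValueError("missing iat/exp")
    if now >= exp:
        raise ValueError("token expired")
    if exp - iat > MAX_TOKEN_LIFETIME:    # this is the "no long-lived credentials" rule
        raise ValueError("token lifetime too long")
    return claims

def policy_violations(manifest: dict, claims: dict) -> list:
    """Policy-as-code rules over a Deployment manifest (Python stand-ins for Rego)."""
    v = []
    ns = manifest.get("metadata", {}).get("namespace", "default")
    if ns not in IDENTITY_NAMESPACES.get(claims.get("sub"), set()):
        v.append(f"identity {claims.get('sub')} may not deploy to namespace {ns}")
    pod = manifest.get("spec", {}).get("template", {}).get("spec", {})
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        name, image = c.get("name"), c.get("image", "")
        if not image.startswith(ALLOWED_REGISTRIES):
            v.append(f"container {name} image {image} not from an allowed registry")
        if "@sha256:" not in image:
            v.append(f"container {name} image is not digest-pinned")
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            v.append(f"container {name} is privileged")
        if sc.get("runAsNonRoot") is not True:
            v.append(f"container {name} does not set runAsNonRoot: true")
    return v

def admit(manifest: dict, token: str, now: float) -> tuple:
    """Gate decision as (allowed, reasons). Fails closed on any identity failure."""
    try:
        claims = verify_token(token, now)
    except ValueError as e:
        return False, [f"identity: {e}"]
    violations = policy_violations(manifest, claims)
    return (not violations), violations

# Constructed sample inputs.
NOW = 1_700_000_000
GOOD_CLAIMS = {"iss": "https://oidc.example.internal", "aud": "argocd-deployer",
               "sub": "spiffe://example.internal/ci/payments", "iat": NOW - 60, "exp": NOW + 240}
COMPLIANT = {"apiVersion": "apps/v1", "kind": "Deployment",
             "metadata": {"name": "api", "namespace": "payments"},
             "spec": {"template": {"spec": {"containers": [
                 {"name": "api", "image": "registry.example.internal/payments/api@sha256:" + "a" * 64,
                  "securityContext": {"runAsNonRoot": True, "privileged": False}}]}}}}
NONCOMPLIANT = {"apiVersion": "apps/v1", "kind": "Deployment",
                "metadata": {"name": "api", "namespace": "default"},
                "spec": {"template": {"spec": {"containers": [
                    {"name": "api", "image": "docker.io/library/nginx:latest",
                     "securityContext": {"privileged": True}}]}}}}

if __name__ == "__main__":
    good = mint_token(GOOD_CLAIMS)
    print("compliant:", admit(COMPLIANT, good, NOW))
    print("noncompliant:", admit(NONCOMPLIANT, good, NOW))
    print("long-lived token:", admit(COMPLIANT, mint_token({**GOOD_CLAIMS, "exp": NOW + 86400}), NOW))
```

The order matters: identity is verified before any policy rule runs, so a forged or stale token never reaches the manifest checks, and the lifetime cap is enforced on the token's own `iat`/`exp` rather than trusting the issuer to keep tokens short. In a real pipeline the same decision would come back from an OPA query in the Argo CD sync hook or admission webhook, with the IdP's public key replacing the shared demo key.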
Keywords:
Zero Trust; GitOps; CI/CD; Identity Management; Cloud Security; Policy-as-Code
Copyright information:
Copyright © 2024 Author(s) retain the copyright of this article. This article is published under the terms of the Creative Commons Attribution License 4.0.
