
It’s a mental shift similar to using IAM assume-role sessions rather than static keys with perms right on them.

Powerful creds should be limited in lifespan and machine-issued to users in a transaction that involves MFA.

We built our own, but Gravitational Teleport, I think, has these patterns in a product.

The other issue, even if you get certs right, is service tokens (an admin could have grabbed a copy of one, and they can be used from outside the cluster), so you want to keep that API wrapped IMHO.
