Binding an IAM Role to a Pod on EKS: How IRSA (ServiceAccount + OIDC) Actually Works

Posted on Sun 25 January 2026 in Kubernetes • Tagged with Kubernetes, EKS, AWS, IAM, IRSA, OIDC, Security, STS

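A Node Role is like a "master key". IRSA lets you bind permissions precisely to a Pod: the Kubernetes ServiceAccount token goes through OIDC federation and is exchanged at STS for temporary credentials.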



The Art of Password Storage

Posted on Sun 14 September 2025 in Journal • Tagged with journal, blog, security, encryption, aes-gcm, envelope-encryption

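A look at how to store passwords and keys securely, from basic concepts to a practical implementation, so you can say goodbye to the "123456" era.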

