Red Hat at Black Hat USA 2025

What is Trusted Software Supply Chain and why does it matter? An overview of the products included in the Advanced Developer Suite

For years, static secrets and long-lived credentials have been the loyal guardians of virtual machine (VM) security—reliable, familiar, and always on duty. Like a trusted old dog, they’ve watched over your infrastructure faithfully. But these old-school secrets were built for a different time. They're most comfortable when workloads stay put—inside the datacenter, behind a firewall, in environments they understand. Now, with virtualized workloads using Red Hat OpenShift Virtualization and reaching out to public cloud APIs, that once-reliable guard dog can’t always tell whether a request for access is genuine—or a disguised threat slipping through the cracks. He still stands firm and sturdy—but he’s not equipped or trained for unpredictable, fast-evolving and highly ephemeral public and private cloud environments. But this old dog can learn new tricks. Join CyberArk at the Red Hat booth to see how CyberArk Secure Workload Access Solution empowers Red Hat OpenShift Virtualization with dynamic, verifiable workload identities—turning legacy VMs into cloud-ready workloads that can seamlessly and securely connect to services like AWS without ever exposing static secrets. We’ll describe real world access scenarios using CyberArk’s Secure Workload Access and Secrets Manager that seamlessly connect Red Hat OpenShift virtualized workloads directly to AWS IAM Roles Anywhere, enabling VMs to authenticate natively and securely using short-lived credentials. Let your workloads roam safely, with the trust and control security teams demand—without losing the loyalty of your existing infrastructure.

Kenny Peeples,

AI TDP, Principal Architect

Please join us for the Cohesity and Red Hat session and hear how organizations can more easily secure and protect data from virtual machines and containers in their Red Hat OpenShift Virtualization environments with Cohesity DataProtect and NetBackup.

A demo on how ACS can mitigate an attack in progress

Sean Rickerd,

Sean Rickerd, Principal Technical Marketing Manager, Red Hat

Kubernetes may be the de facto container orchestration platform, but its default security posture leaves secrets dangerously exposed. Many platform teams start with base64-encoded secrets and manual key rotation–and this approach doesn’t scale in a multi-team, hybrid environment. This session will explore how teams can evolve from insecure defaults, fragmented tools, and brittle scripts, to centralized, automated secret management using Vault and OpenShift. We’ll walk through real-world patterns and workflows that show how Vault can enhance security across all layers of the OpenShift stack: - Application workloads: Leverage Vault as an external secrets manager for OpenShift clusters to enable ephemeral secrets, audit-ready access, and centralized SecOps control. We’ll cover common integration patterns using Vault Secrets Operator (VSO) and the Secrets Store CSI Driver. - Platform security*: Explore how upcoming KubeKMS support could allow Vault to serve as the external key provider for etcd encryption—boosting the security posture of OpenShift at its core. - OpenShift Layered products: Strengthen zero-trust architecture in OpenShift Service Mesh by integrating Vault with cert-manager and OpenShift’s native mesh capabilities. - OpenShift Platform Plus: Secure container registries like Quay.io with short-lived tokens generated by Vault + External Secrets Operator (ESO), improving both security and operational agility.

Joshua Loscar,

Senior Technical Marketing Manager, Red Hat

Kenny Peeples,

AI TDP, Principal Architect

Joshua Loscar,

Senior Technical Marketing Manager, Red Hat

Joshua Loscar,

Senior Technical Marketing Manager, Red Hat

Kenny Peeples,

AI TDP, Principal Architect

Joshua Loscar,

Senior Technical Marketing Manager, Red Hat

This presentation will discuss how F5 in combination with Red HatOpenShift AI can help protect AI data factories with F5’s AI Gateway. We will provide an overview of a new offering to aid on premises and hybrid cloud deployments. This session will also provide a brief look at how F5 and Ansible Automation Platform can help organizations in automating application security with Event-Driven Ansible.

"For years, static secrets and long-lived credentials have been the loyal guardians of virtual machine (VM) security—reliable, familiar, and always on duty. Like a trusted old dog, they’ve watched over your infrastructure faithfully. But these old-school secrets were built for a different time. They're most comfortable when workloads stay put—inside the datacenter, behind a firewall, in environments they understand. Now, with virtualized workloads using Red Hat OpenShift Virtualization and reaching out to public cloud APIs, that once-reliable guard dog can’t always tell whether a request for access is genuine—or a disguised threat slipping through the cracks. He still stands firm and sturdy—but he’s not equipped or trained for unpredictable, fast-evolving and highly ephemeral public and private cloud environments. But this old dog can learn new tricks. Join CyberArk at the Red Hat booth to see how CyberArk Secure Workload Access Solution empowers Red Hat OpenShift Virtualization with dynamic, verifiable workload identities—turning legacy VMs into cloud-ready workloads that can seamlessly and securely connect to services like AWS without ever exposing static secrets. We’ll describe real world access scenarios using CyberArk’s Secure Workload Access and Secrets Manager that seamlessly connect Red Hat OpenShift virtualized workloads directly to AWS IAM Roles Anywhere, enabling VMs to authenticate natively and securely using short-lived credentials. Let your workloads roam safely, with the trust and control security teams demand—without losing the loyalty of your existing infrastructure."

Joshua Loscar,

Senior Technical Marketing Manager, Red Hat

Discover how to leverage Sigstore’s keyless signatures and attestations to ensure container image integrity and provenance throughout the build and deployment pipeline. This demo will show how integrating Sigstore with Kubernetes admission controller on OpenShift enables only validated, securely built images to run—using organizational identity instead of long-lived private keys for a seamless, secure workflow.

Veda Shankar,

Senior Principal Product Manager, Red Hat

Regulations are tightening, and AI systems need to comply with data residency, access controls, and audit requirements. In this session, we'll show you how you can use Vault and OpenShift with Ansible Automation Platform to build secure, compliant AI pipelines. We’ll cover strategies for automating secrets rotation, access audits, and policy enforcement across data sources, clouds, and containerized workloads giving security and compliance teams confidence without slowing down innovation. This talk explores how Vault and OpenShift with Ansible Automation Platform combine to automate secrets management, certificate issuance, access auditing, and data encryption across AI pipelines deployed in hybrid and multi-cloud environments. You’ll walk away with a clear understanding of how to integrate compliance into the development lifecycle from day one. Key takeaways: - Why compliance is becoming a blocker for AI adoption, and how to solve it - How Vault supports automated, auditable AI workloads - How Ansible Automation is critical for managing and scaling the Vault environment for secure access, - Patterns for enforcing policy in OpenShift-powered multi-cloud pipelines - Reducing regulatory risk without stalling product teams