Code Room
System designHardsd-g690
Subject EncryptionLevel Senior–Staff~45 minCommon in Security interviewsIndustries Technology

Question

Design a zero-trust workload-identity and secrets-distribution system so that 50K microservice instances can authenticate to each other and obtain short-lived credentials (DB passwords, API keys, mTLS certs) with no hardcoded long-lived secrets anywhere. Scale: 500K identity/credential requests/s, certs/secrets must rotate automatically (minutes-to-hours TTL), and a compromised service must not be able to impersonate another. Threat model: secrets leaking in images/env vars/logs, a compromised node, and lateral movement between services. Cover how a workload bootstraps its identity, the cert/secret issuance flow, rotation, and the trust root.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.

Narrate your design
Loading whiteboard…
Run or narrate your approach, then ask the coach.