Explore innovative approaches to managing workload certificates in service mesh environments without persisting secrets. Learn about the challenges of using self-signed CAs in production and the security concerns surrounding the storage of intermediate or root CA private keys as Kubernetes secrets. Discover multiple techniques developed by the service mesh community to address these issues, including the use of Registration Authority, Kubernetes CSR, and other novel methods. Compare the tradeoffs between different approaches and gain insights into implementing secure certificate management in your service mesh infrastructure.