# Device Authentication Scenarios How can IoT device credentials be securely shared with Kubernetes workloads? ## Ideas - [OPC UA scenario in Akri](https://github.com/deislabs/akri/blob/main/docs/opcua-configuration.md#mounting-opc-ua-credentials-to-enable-security): Client/server x.509 v3 certificates have common root certificate. The application and root certificate are mounted into the broker Pod as Kubernetes secrets. Client/server authenticate based on shared root. - Leverage [istio](https://istio.io/)