"DataSet for Secrets Gateway for TDSC"
Source: DataCite Commons. Updated: 2026-02-15. Indexed: 2026-05-03.
Download link:
https://ieee-dataport.org/documents/dataset-secrets-gateway-tdsc-0
Resource description:
"Organizations running hundreds of microservices on Kubernetes face a scaling problem in secrets management: each workload independently authenticating to a centralized secrets backend produces thousands of concurrent connections, each carrying TLS handshake, authentication, and session maintenance overhead. This paper presents secrets-gateway, an architecture informed by enterprise deployment experience that consolidates per-workload backend connectivity into a small pooled set of connections per cluster while preserving namespace-level tenant isolation through five independent defense layers. We make three contributions: (1) a centralized gateway with cross-account identity federation that replaces hundreds of per-workload IAM configurations with a single identity chain per cluster; (2) an analysis showing that credential lease renewability—not architectural convention—determines when sidecar overhead is justified, and that for non-renewable OAuth2 credentials (the majority in enterprise environments), sidecars provide no renewal benefit; (3) a testbed evaluation across synthetic multi-tenant clusters at enterprise scale demonstrating connection reduction from O(workloads) to O(replicas), substantial backend resource savings, and sustained tenant isolation under adversarial testing. Index Terms—Kubernetes, secrets management, credential injection, multi-tenant security, connection pooling, OAuth2, cloud-native infrastructure."
Provider:
IEEE DataPort
Created:
2026-02-15



