CircleCI-provided JWT
complete
Mike Bryant
We currently have to put in lots of credentials to different builds to let it integrate with various services. With the advent of things like Service Meshes, we'd love for CircleCI to provide every build with a JWT containing all of the relevant info, signed by CircleCI, with that public key published etc.
I imagine the info bound inside the JWT would be things like:
- branch
- tag
- Job/Pipeline URLs
- repo
- org
- job
This would let us use things like https://istio.io/latest/docs/tasks/security/authorization/authz-jwt/ to say, allow access to certain endpoints by specific CircleCI jobs or repositories, without needing to manually set up credentials on both sides.
Oran Wilder
I believe our OIDC implementation is the solution you're looking for. Learn how to invoke the token and the claims attached: https://circleci.com/docs/openid-connect-tokens/
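Added example, not part of the thread and not CircleCI's or Istio's own configuration: a sketch of the Istio-side policy the request describes, which accepts CI-issued tokens and allows one endpoint only for a specific repository and branch. The issuer and JWKS URL are placeholders to be filled in from the linked CircleCI documentation; the `repo` and `branch` claim names follow the request's list and are assumptions, as are the resource names, audience, and path.

```yaml
# Step 1: tell the sidecar how to validate the CI-issued JWT.
# RequestAuthentication alone only rejects *invalid* tokens; requests that
# carry no token still pass, so the AuthorizationPolicy below is required.
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: ci-jwt                 # hypothetical name
  namespace: deploy-api        # hypothetical namespace
spec:
  selector:
    matchLabels:
      app: deploy-api          # hypothetical workload label
  jwtRules:
  - issuer: "https://ISSUER_PLACEHOLDER"             # placeholder: the token's iss value
    jwksUri: "https://ISSUER_PLACEHOLDER/JWKS_PATH"  # placeholder: published public keys
    audiences: ["deploy-api"]                        # assumed audience; pin it so tokens
                                                     # minted for other services are rejected
---
# Step 2: allow the endpoint only for tokens from that issuer whose claims
# match the expected repository and branch. Once an ALLOW policy selects a
# workload, any request that matches no rule is denied.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-ci-release       # hypothetical name
  namespace: deploy-api
spec:
  selector:
    matchLabels:
      app: deploy-api
  action: ALLOW
  rules:
  - from:
    - source:
        # requestPrincipals is "<iss>/<sub>"; the wildcard accepts any subject
        # from this issuer, and the claim checks below narrow it down.
        requestPrincipals: ["https://ISSUER_PLACEHOLDER/*"]
    to:
    - operation:
        methods: ["POST"]
        paths: ["/deploy"]     # hypothetical endpoint
    when:
    - key: request.auth.claims[repo]     # assumed claim name
      values: ["example-org/example-repo"]
    - key: request.auth.claims[branch]   # assumed claim name
      values: ["main"]
```

Substitute the claim names the issued token actually carries before relying on the `when` conditions; a condition on a claim that is absent from the token never matches, so the request is denied.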