Kloak: A secret manager that isolates Kubernetes workloads from secret access

Kloak separates secret retrieval from workload execution in Kubernetes, preventing applications from directly accessing credentials. Instead of injecting secrets into pods, it acts as an intermediary that grants time-limited access only when needed. For teams running sensitive services on K8s, this reduces the blast radius if a workload is compromised.