Where workload identity breaks without Aembit

Every time a service authenticates to another service with a stored credential, that credential is an expiring liability. These are the four patterns where it breaks worst.