Presentation

Microservice AuthN and AuthZ

Published 7:00 AM UTC Sep 15, 2019

Learn how you can use HashiCorp Consul and Vault to handle microservice authentication and authorization challenges.

Speakers

Nic JacksonDeveloper Advocate, HashiCorp

At a DevOps Con session, HashiCorp Developer Advocate Nic Jackson coveres the topics of microservice authentication (AuthN) and authorization (AuthZ), identifying the differences between the two and explaining why you need both.

This talk covers common patterns for request validation to avoid the "confused deputy problem" with things like HMAC and JWT. Nic will also cover the importance of centralized secrets managemnt and show how you can use tools such as open source HashiCorp Vault to keep your systems and users secure.

What you'll learn

How to use JWT for AuthZ
How to implement 2-factor authentication for your apps
How to secure microservice secrets
Implementing TLS and mTLS (Consul Connect can ensure secure service-to-service comms)
How to avoid being the next Equifax and secure your database access
How to encrypt your data in-transit and at rest
How to build secure secret access policies

Sign up for the latest HashiCorp news

More resources like this one

4/11/2024FAQ

Introduction to HashiCorp Vault

12/28/2023FAQ

Why should we use identity-based or "identity-first" security as we adopt cloud infrastructure?

3/14/2023Article

5 best practices for secrets management

2/3/2023Case Study

Automating Multi-Cloud, Multi-Region Vault for Teams and Landing Zones

View all resources