Microservice AuthN and AuthZ

Learn how you can use HashiCorp Consul and Vault to handle microservice authentication and authorization challenges.


  • Nic Jackson
    Nic JacksonDeveloper Advocate, HashiCorp

At a DevOps Con session, HashiCorp Developer Advocate Nic Jackson coveres the topics of microservice authentication (AuthN) and authorization (AuthZ), identifying the differences between the two and explaining why you need both.

This talk covers common patterns for request validation to avoid the "confused deputy problem" with things like HMAC and JWT. Nic will also cover the importance of centralized secrets managemnt and show how you can use tools such as open source HashiCorp Vault to keep your systems and users secure.

What you'll learn

  • How to use JWT for AuthZ
  • How to implement 2-factor authentication for your apps
  • How to secure microservice secrets
  • Implementing TLS and mTLS (Consul Connect can ensure secure service-to-service comms)
  • How to avoid being the next Equifax and secure your database access
  • How to encrypt your data in-transit and at rest
  • How to build secure secret access policies

More resources like this one

  • 3/14/2023
  • Article

5 best practices for secrets management

  • 2/3/2023
  • Case Study

Automating Multi-Cloud, Multi-Region Vault for Teams and Landing Zones

  • 1/20/2023
  • Case Study

Adopting GitOps and the Cloud in a Regulated Industry

  • 1/20/2023
  • FAQ

Introduction to Zero Trust Security