Microservice AuthN and AuthZ
Sep 15, 2019
Learn how you can use HashiCorp Consul and Vault to handle microservice authentication and authorization challenges.
- Nic Jackson, Developer Advocate, HashiCorp
At a DevOps Con session, HashiCorp Developer Advocate Nic Jackson covers the topics of microservice authentication (AuthN) and authorization (AuthZ), identifying the differences between the two and explaining why you need both.
This talk covers common patterns for request validation to avoid the "confused deputy problem" with things like HMAC and JWT. Nic will also cover the importance of centralized secrets management and show how you can use tools such as open source HashiCorp Vault to keep your systems and users secure.
What you'll learn
- How to use JWT for AuthZ
- How to implement 2-factor authentication for your apps
- How to secure microservice secrets
- Implementing TLS and mTLS (Consul Connect can ensure secure service-to-service comms)
- How to avoid being the next Equifax and secure your database access
- How to encrypt your data in-transit and at rest
- How to build secure secret access policies