Presentation

Microservice AuthN and AuthZ

Published 7:00 AM UTC Sep 15, 2019

Learn how you can use HashiCorp Consul and Vault to handle microservice authentication and authorization challenges.

Speakers

At a DevOps Con session, HashiCorp Developer Advocate Nic Jackson coveres the topics of microservice authentication (AuthN) and authorization (AuthZ), identifying the differences between the two and explaining why you need both.

This talk covers common patterns for request validation to avoid the "confused deputy problem" with things like HMAC and JWT. Nic will also cover the importance of centralized secrets managemnt and show how you can use tools such as open source HashiCorp Vault to keep your systems and users secure.

What you'll learn

  • How to use JWT for AuthZ
  • How to implement 2-factor authentication for your apps
  • How to secure microservice secrets
  • Implementing TLS and mTLS (Consul Connect can ensure secure service-to-service comms)
  • How to avoid being the next Equifax and secure your database access
  • How to encrypt your data in-transit and at rest
  • How to build secure secret access policies

More resources like this one

  • 4/11/2024
  • FAQ

Introduction to HashiCorp Vault

Vault identity diagram
  • 12/28/2023
  • FAQ

Why should we use identity-based or "identity-first" security as we adopt cloud infrastructure?

  • 3/14/2023
  • Article

5 best practices for secrets management

  • 2/3/2023
  • Case Study

Automating Multi-Cloud, Multi-Region Vault for Teams and Landing Zones

View all resources