chapter eight

8 Securing service-to-service communication over gRPC

 

This chapter covers

  • The role of gRPC in inter-service communications in a microservice deployment.
  • Securing inter-service communications that happen on gRPC using mutual TLS (mTLS).
  • Securing inter-service communications that happen on gRPC using JSON Web Tokens (JWTs).

In chapters 6 and 7, we discussed how to secure communications among microservices with mTLS and JWT. All the examples in those chapters assumed that the communication between the calling microservice and the recipient microservice happens over HTTP in a RESTful manner with JSON messages. JSON over HTTP is a common way of communicating between microservices, but another school of thought holds that it is not the optimal way. The argument is that a human-readable, well-structured data interchange format is of no value when the communication happens between two systems (or microservices). That is true, since you need human-readable message formats only for troubleshooting purposes and not when your systems are running live. Instead of a text-based protocol like JSON, you can use a binary protocol like Protocol Buffers, which provides a way of encoding structured data efficiently when communication happens between microservices.

8.1   Service to Service Communication over gRPC

8.2   Securing gRPC service-to-service communication with mTLS

8.2.1   Running the example with mTLS

8.3   Securing gRPC service-to-service communications with JWT

8.3.1   Knowing the actual consumer of the microservice

8.3.2   Limiting the operations that can be performed by the client

8.3.3   Using JWTs over gRPC to secure the communication

8.4   Summary