I    Secure Production Identity Framework For Everyone


In chapter 6, we discussed the challenges in key management, including key provisioning, trust bootstrapping, certificate revocation, key rotation, and monitoring key usage. In a typical microservices deployment, each microservice is provisioned with its own key pair. In chapter 6 you did that by manually copying Java keystore files to the Order Processing and Inventory microservices. Doing things manually won’t scale to a real microservices deployment, however; everything must be automated. Ideally, the keys should be generated and provisioned to the microservices as part of the continuous integration/continuous delivery (CI/CD) pipeline. In chapter 11 we discussed how to deploy and secure microservices in a Kubernetes environment, and in chapter 12 we discussed how to secure a microservices deployment with the Istio service mesh. In both cases we relied on Kubernetes and Istio to provision and manage the keys of our microservices. This appendix assumes that you have a good knowledge of Kubernetes and the Istio service mesh, so we recommend that you first go through appendices B and C, and chapters 11 and 12.

I.1   What is SPIFFE?

I.2   The inspiration behind SPIFFE

I.3   SPIFFE ID

I.4   How SPIRE works

I.5   SPIFFE Verifiable Identity Document (SVID)

I.5.1   X509 SVID

I.5.2   JWT SVID

I.6   A trust bundle