3 Service-to-service communication
This chapter covers
- Analyzing the problems faced when securing service-to-service calls to discover vulnerabilities
- Analyzing technologies available to secure the service-to-service call graph
- Compiling the list of security technologies every developer should know
All applications must solve the following four security problems:
- Securing communication channels
- User authentication
- Handling sensitive credentials such as API keys required to access external services
- Running the application securely in a cloud environment
In chapters 1 and 2, we discussed securing communication channels and user authentication. In this chapter, we’ll continue with the remaining two items on the list: handling sensitive credentials and running the application securely in a cloud environment.
In a microservice-based application, a single user request can travel between multiple microservices, like a chain of friends trying to pass along a secret. But the whole system falls apart if one friend is a loudmouth or a spy. That’s why securing the service-to-service call chain is so important. In this chapter, we’ll dive into the challenges of keeping these calls secure and explore common solutions and patterns to ensure your microservices aren’t spilling secrets like they’re on a reality TV show.