Safeguard
Tag

mtls

Safeguard articles tagged "mtls" — guides, analysis, and best practices for software supply chain and application security.

13 articles

Application Security

Securing gRPC APIs: mTLS, Interceptors, and Input Validation

CVE-2023-44487 knocked grpc-go services offline with a Rapid Reset flood — a reminder that gRPC ships fast, insecure by default, and needs hardening at every layer.

Jul 10, 20266 min read
Security Guides

API Authentication Best Practices (2026)

How you authenticate API clients decides how bad a leaked credential gets. Here is how to choose and harden API keys, bearer tokens, JWTs, and mTLS in 2026.

Jul 8, 20266 min read
Container Security

Service Mesh Security: mTLS, Authorization, and Zero Trust

A service mesh can give you mutual TLS between every service, identity-based authorization, and encrypted traffic without touching application code — or it can become an over-privileged proxy layer you never locked down. Here is how to do it right.

Jul 8, 20265 min read
Kubernetes Security

Implementing mTLS in Kubernetes clusters: a hands-on guide

Kubernetes ships zero built-in encryption for pod-to-pod traffic — here's how cert-manager and service meshes fix that, and the five misconfigurations that quietly undo it.

Jul 8, 20266 min read
Application Security

Implementing SSL/TLS certificate pinning in Node.js

HTTP Public Key Pinning died in Chrome 67 back in 2018, yet Node.js apps still need pinning for mobile backends and server-to-server calls — here's how to do it without bricking your own API.

Jul 8, 20266 min read
Application Security

Securing gRPC microservice communication

gRPC's binary, multiplexed transport breaks REST-era security tooling. Here's how to fix mTLS gaps, reflection exposure, and per-method authorization.

Apr 26, 20267 min read
Application Security

Microservices security: authentication between services

Service-to-service auth stops lateral movement between microservices. Learn how mTLS, OAuth2, and SPIFFE/SPIRE secure internal calls in production.

Apr 26, 20267 min read
Identity Security

SPIFFE/SPIRE identity

What is SPIFFE/SPIRE? A plain-language breakdown of the SPIFFE identity framework, SPIRE workload identity, SVIDs, and how it compares to plain mTLS.

Mar 2, 20267 min read
Identity Security

mTLS (mutual TLS)

What is mTLS? A precise breakdown of mutual TLS authentication, how it differs from standard TLS, why service meshes depend on it, and how to handle certificate rotation.

Mar 2, 20267 min read
Identity Security

How to set up mutual TLS (mTLS) between microservices

A step-by-step guide to configuring mTLS across microservices with Istio — from CA setup and PeerAuthentication policies to certificate rotation and verification.

Feb 19, 20266 min read
Concepts

What Is Mutual TLS (mTLS)? Two-Way Authentication Explained

Mutual TLS makes both sides of a connection prove their identity with certificates, not just the server. It is the backbone of zero-trust communication between services.

Feb 11, 20255 min read
Kubernetes Security

Service Mesh mTLS Configuration: Getting Mutual TLS Right

Service meshes promise automatic mTLS. The reality involves permissive modes, certificate management complexity, and gaps that attackers can exploit.

Mar 12, 20235 min read
mtls — Safeguard Blog