service-mesh
Safeguard articles tagged "service-mesh" — guides, analysis, and best practices for software supply chain and application security.
13 articles
Service Mesh Security: mTLS, Authorization, and Zero Trust
A service mesh can give you mutual TLS between every service, identity-based authorization, and encrypted traffic without touching application code — or it can become an over-privileged proxy layer you never locked down. Here is how to do it right.
Implementing mTLS in Kubernetes clusters: a hands-on guide
Kubernetes ships zero built-in encryption for pod-to-pod traffic — here's how cert-manager and service meshes fix that, and the five misconfigurations that quietly undo it.
Securing gRPC microservice communication
gRPC's binary, multiplexed transport breaks REST-era security tooling. Here's how to fix mTLS gaps, reflection exposure, and per-method authorization.
What is Microservices Security
Microservices security means securing service-to-service auth, dependencies, and containers across hundreds of independently deployed services—not one monolith.
mTLS (mutual TLS)
What is mTLS? A precise breakdown of mutual TLS authentication, how it differs from standard TLS, why service meshes depend on it, and how to handle certificate rotation.
How to set up mutual TLS (mTLS) between microservices
A step-by-step guide to configuring mTLS across microservices with Istio — from CA setup and PeerAuthentication policies to certificate rotation and verification.
Service Mesh for Supply Chain Policy Enforcement
Using Istio, Linkerd, and Cilium service mesh to enforce signed-artifact, SPIFFE identity, and provenance-aware policy in production clusters.
Kubernetes Service Mesh Policy Depth
Service meshes promise layered policy. The promise is real, but the layers only help if you use them, and most deployments use one.
Envoy Proxy Security Hardening for Production Deployments
Envoy powers service meshes and API gateways across the industry. Its default configuration prioritizes connectivity over security. Here is how to fix that.
gRPC Security Considerations: Protecting High-Performance Service Communication
gRPC's binary protocol and HTTP/2 transport make it fast. They also make it harder to inspect, monitor, and secure than REST APIs. Here is what you need to know.
Service Mesh mTLS Configuration: Getting Mutual TLS Right
Service meshes promise automatic mTLS. The reality involves permissive modes, certificate management complexity, and gaps that attackers can exploit.
Microservices Security Architecture: A Supply Chain Perspective
Microservices multiply your dependency surface. This guide covers service mesh security, inter-service authentication, and dependency management across distributed architectures.