gRPC Client Authentication

A crash course in different auth methods

Introduction Best practices for performing client authentication with gRPC is a question that comes up again and again, so I thought I’d dive into a few different methods for performing authentication, using the tools provided by the Go gRPC packages. Today we’ll explore 3 methods of authentication: TLS Client certificate authentication Token Header authenticaiton HTTP Basic authentication For the TL:DR; check the example repo. Note: Go-gRPC interceptors are being redesigned, so if you implement this in your server today, you may want to keep in mind that it will change again in the future. [Read More]

Automatic TLS certificate distribution with Vault

Introducing Certify, a purpose built library

It’s often recommended that microservice communications are encrypted, especially if they cross the public internet. Even when you control the network, whether virtually or physically, encrypting traffic can still be valuable. Lets Encrypt has revolutionized the distribution of certificates for publically facing servers; unfortunately, encrypting internal traffic often involves complicated certificate generation setups. Hashicorp Vault is a project for storing secrets and performing authentication. It has a PKI Secret Engine backend which allows you to use it as a certificate authority in an internal public key infrastructure deployment. [Read More]