I implemented a set of microservices in a Docker environment, and each of these services communicates with the others using JWT tokens. When service A calls service B
The public/private key generation process is done by the microservices themselves, and then they pass the public key to the public key store. So the only thing that the public key store has to do,
What I am going to do is similar to what is shown in this diagram.
I got the above image from: https://www.youtube.com/watch?v=dBdZrw2pPvc&t=462s
So my problem is, are there any standard implementations of this kind of public key store? If so, what are they?
Disclosure: I am the CTO of Conjur.
Consider the workflow:
The public key store must be sure to:
But there's also another bit that is pretty hard. In step (5), when the key store receives the key for Service A, it needs to verify that the key is actually coming from Service A, and not from an imposter. In other words, it has to authenticate the request.
How you do this depends on the details of your infrastructure. If you are using raw Docker (as opposed to, say, Kubernetes), you can use an agent on the server to correlate the IP address of the container to the container list (docker ps) on the machine. This will tell you the image of the container, which should tell you the identity of the service.
There is a lot of subtlety to this problem, and the solution is somewhat different for each container environment.
If security is not important:
If security is important:
Honestly there are a bunch more options, but these are some of the most famous and vetted by the DevOps community.
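The correlation step the answer describes for raw Docker (peer IP -> running container -> image -> service identity) as an added, self-contained example. This is illustration code written for this page, not Conjur's implementation. The `DOCKER_INSPECT_SAMPLE` is a hand-constructed, trimmed imitation of `docker inspect` output; the registry name `registry.example`, the service names and the IP addresses are assumptions. The store only accepts a public key when the caller's source address maps to a container whose image, from the trusted registry, names the service the caller claims to be.

```python
"""Key-store registration guard: authenticate a key-upload request by
correlating the caller's IP with the host's Docker container inventory.

Added example for this page (not Conjur code). The inventory below is a
constructed imitation of `docker inspect $(docker ps -q)`; registry,
service names and addresses are assumptions.
"""
import ipaddress
import json
from typing import Optional, Tuple

# Constructed stand-in for `docker inspect` output (trimmed to what we use).
DOCKER_INSPECT_SAMPLE = json.loads("""
[
  {"Id": "a1b2c3", "Config": {"Image": "registry.example/service-a:1.4"},
   "NetworkSettings": {"Networks": {"app_net": {"IPAddress": "172.18.0.2"}}}},
  {"Id": "d4e5f6", "Config": {"Image": "registry.example/service-b:2.0"},
   "NetworkSettings": {"Networks": {"app_net": {"IPAddress": "172.18.0.3"}}}},
  {"Id": "0a0b0c", "Config": {"Image": "docker.io/library/busybox:latest"},
   "NetworkSettings": {"Networks": {"app_net": {"IPAddress": "172.18.0.9"}}}}
]
""")

# Assumption: only images pulled from this registry are considered services.
TRUSTED_REGISTRY = "registry.example"


def service_identity(image: str) -> Optional[str]:
    """Derive a service name from an image reference.

    'registry.example/service-a:1.4' -> 'service-a'. Returns None when the
    image does not come from the trusted registry.
    """
    registry, sep, rest = image.partition("/")
    if not sep or registry != TRUSTED_REGISTRY:
        return None
    name = rest.rsplit("/", 1)[-1]                 # drop any namespace
    name = name.split("@", 1)[0].split(":", 1)[0]  # drop digest and tag
    return name or None


def index_by_ip(inspect_output) -> dict:
    """Build {ip -> (container_id, image)} from docker inspect output."""
    index = {}
    for container in inspect_output:
        for net in container["NetworkSettings"]["Networks"].values():
            ip = net.get("IPAddress")
            if ip:
                key = str(ipaddress.ip_address(ip))
                index[key] = (container["Id"], container["Config"]["Image"])
    return index


class PublicKeyStore:
    """Stores one public key per service; registration is gated on the
    caller's address resolving to a container of the claimed service."""

    def __init__(self, inspect_output):
        self._by_ip = index_by_ip(inspect_output)
        self._keys = {}  # service name -> PEM public key

    def register(self, peer_ip: str, claimed_service: str,
                 public_key_pem: str) -> Tuple[bool, str]:
        """Return (accepted, reason). Every rejection names its cause."""
        try:
            peer_ip = str(ipaddress.ip_address(peer_ip))
        except ValueError:
            return False, "malformed peer address"
        entry = self._by_ip.get(peer_ip)
        if entry is None:
            return False, "peer is not a running container on this host"
        container_id, image = entry
        actual = service_identity(image)
        if actual is None:
            return False, "image %s is not from the trusted registry" % image
        if actual != claimed_service:
            return False, "peer is %s (container %s), not %s" % (
                actual, container_id, claimed_service)
        if not public_key_pem.startswith("-----BEGIN PUBLIC KEY-----"):
            return False, "payload is not a PEM public key"
        self._keys[claimed_service] = public_key_pem
        return True, "registered"

    def lookup(self, service: str) -> Optional[str]:
        """What service B would call to fetch service A's key."""
        return self._keys.get(service)


if __name__ == "__main__":
    store = PublicKeyStore(DOCKER_INSPECT_SAMPLE)
    pem = "-----BEGIN PUBLIC KEY-----\nMFkw\n-----END PUBLIC KEY-----\n"  # placeholder body
    print(store.register("172.18.0.2", "service-a", pem))  # genuine service-a
    print(store.register("172.18.0.3", "service-a", pem))  # service-b posing as service-a
    print(store.register("172.18.0.9", "service-a", pem))  # image from an untrusted registry
    print(store.register("10.0.0.7", "service-a", pem))    # not a container on this host
```

The mapping is only as trustworthy as the inventory it is built from: the agent must run on the host (or talk to the Docker socket) and re-read the container list at request time, because an address freed by an exited container can be reused by a new one. Who is allowed to push images into `registry.example` becomes part of the trust boundary, which is the subtlety the answer points to.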