Add gRPC Auth

Open amouat opened this issue 5 years ago • 3 comments

Investigate adding encryption and auth to front end/back end communication (see architecture diagram). This probably means mutual TLS auth.

In the short term this isn't a large issue as the front-end and back-end are in the same pod and the back-end isn't exposed outside of the pod. But as we look at becoming distributed and H/A this will become important.

amouat, Aug 20 '20 16:08

Absolutely in line with #184

blaggacao, Oct 12 '20 02:10

This is slightly different - it's about interior communication between Rocket and the "backend", which occurs via gRPC. The idea is to allow distributed architectures in the future, but at the moment it's an overhead.

amouat, Oct 13 '20 11:10

SPIFFE could (as one option) provide the mTLS machinery that might eventually be required.

blaggacao, Oct 13 '20 14:10