Chapter 6. Secured gRPC

gRPC-based applications communicate with each other remotely over the network. This requires each gRPC application to expose an entry point to the peers that need to communicate with it. From a security point of view, every exposed entry point is a liability: the more entry points we have, the broader the attack surface, and the higher the risk of attack. Securing the communication channel and securing the entry points is therefore essential for any real-world use case. Every gRPC application must be able to handle encrypted messages, encrypt all internode communication, and authenticate and sign the messages it exchanges.

In this chapter, we’ll cover a set of security fundamentals and patterns to address the challenge we face in enabling application-level security. In simple terms, we are going to explore how we can secure communication channels between microservices and authenticate and control access by users.

So let’s start with securing the communication channel.

Authenticating a gRPC Channel with TLS

Transport Level Security (TLS) aims to provide privacy and data integrity between two communicating applications. In our context, that means a secure connection between the gRPC client and server applications. According to the Transport Level Security Protocol Specification, when the connection between a client and a server is secure, it should have one or more of the following properties:

The connection is private

Symmetric cryptography is used for data encryption. It is a type of ...
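The following is an added example, not code from the book, showing what "authenticating a gRPC channel with TLS" amounts to at the transport level: the server presents a certificate, and the client accepts the connection only if that certificate chains to a root it trusts and matches the expected server name. It uses only the Go standard library so it runs without the gRPC packages; the two `tls.Config` values are the ones a gRPC server and client would pass to `credentials.NewTLS`. The self-signed certificate is constructed in memory as test material, and the function names (`ServerTLSConfig`, `ClientTLSConfig`, `Handshake`) are the example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// selfSignedServerCert builds an in-memory self-signed certificate for
// "localhost" (constructed test material, not a production identity).
// Because it is self-signed, the same certificate also serves as the root
// the client will trust.
func selfSignedServerCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "localhost"},
		DNSNames:              []string{"localhost"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// ServerTLSConfig is the config a gRPC server would wrap: it presents the
// server certificate, refuses anything below TLS 1.2, and offers ALPN "h2"
// because gRPC runs over HTTP/2.
func ServerTLSConfig(cert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
		NextProtos:   []string{"h2"},
	}
}

// ClientTLSConfig trusts only the given roots and pins the expected server
// name, so the handshake fails if the server cannot prove that identity.
func ClientTLSConfig(roots *x509.CertPool) *tls.Config {
	return &tls.Config{
		RootCAs:    roots,
		ServerName: "localhost", // verified against the certificate's SANs
		MinVersion: tls.VersionTLS12,
		NextProtos: []string{"h2"},
	}
}

// Handshake starts a TLS listener on a loopback port, dials it with the
// client config, and returns nil only if the client authenticated the
// server and both sides agreed on HTTP/2.
func Handshake(server, client *tls.Config) error {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", server)
	if err != nil {
		return err
	}
	defer ln.Close()
	srvErr := make(chan error, 1)
	go func() {
		c, err := ln.Accept()
		if err != nil {
			srvErr <- err
			return
		}
		defer c.Close()
		srvErr <- c.(*tls.Conn).Handshake()
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), client) // Dial completes the handshake
	if err != nil {
		return err // e.g. "certificate signed by unknown authority"
	}
	defer conn.Close()
	if conn.ConnectionState().NegotiatedProtocol != "h2" {
		return errors.New("peer did not negotiate HTTP/2")
	}
	return <-srvErr
}

func main() {
	cert, roots, err := selfSignedServerCert()
	if err != nil {
		panic(err)
	}
	fmt.Println("client trusting the server's root:", Handshake(ServerTLSConfig(cert), ClientTLSConfig(roots)))
	fmt.Println("client with an empty root set:   ", Handshake(ServerTLSConfig(cert), ClientTLSConfig(x509.NewCertPool())))
}
```

The second call in `main` is the check a practitioner should always make: a client that does not hold the server's root must be refused, which confirms that the channel is actually authenticating the server rather than merely encrypting. In a real deployment the certificate would be issued by a CA and loaded from files, and the client would hold only the CA certificate, not the server's.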
