Zero trust, mTLS, Vault secrets, gateway auth forwarding, audit logs — defence in depth for microservices.
Microservices Security
# 1. Zero Trust: never trust, always verify
# Every call, including service-to-service traffic inside the cluster, must authenticate
# the caller and authorize the action; being on the internal network is not a credential
# 2. mTLS between services: both peers present certificates, so traffic is encrypted
# and each side knows which workload is calling. A service mesh (sidecar proxies) issues
# and rotates the certificates and enforces the policy; run it in strict mode so a
# plaintext connection is refused instead of being accepted as a fallback
# 3. Secrets with HashiCorp Vault: fetch credentials at startup over TLS instead of
# baking them into images or environment variables
import hvac
client = hvac.Client(url="https://vault:8200")
# Authenticate with the pod's service-account JWT (Vault Kubernetes auth method)
# rather than a long-lived static token shipped with the service
with open("/var/run/secrets/kubernetes.io/serviceaccount/token") as f:
    client.auth.kubernetes.login(role="user-svc", jwt=f.read())
# KV v2: the path is relative to the mount point ("secret") and the client inserts
# "data/" itself, so passing "secret/user-svc" would look up secret/data/secret/user-svc
secret = client.secrets.kv.v2.read_secret_version(path="user-svc", mount_point="secret")
db_pw = secret["data"]["data"]["DB_PASSWORD"]
# 4. Gateway injects user context headers
# The gateway terminates the client session: it validates the JWT (signature, issuer,
# audience, expiry) and forwards the request with the verified identity as headers:
# X-User-ID: 42
# X-User-Role: admin
# Internal services may trust these headers only because nothing but the gateway can
# reach them. Two conditions have to hold: the gateway strips any X-User-* header the
# client sent before injecting its own, and mTLS plus NetworkPolicy keep the services
# unreachable from anything else. If either fails, a caller who reaches a service
# directly sets X-User-Role: admin and is admin
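Added example, not code from the original page: both hops modelled in Python, with a stdlib HS256 verifier standing in for the gateway's JWT library. The shared key, the header names, the SPIFFE identity `spiffe://cluster.local/ns/prod/sa/gateway` and the `peer_identity` argument (what the mesh would expose from the client certificate it terminated) are assumptions made for this example. It shows the gateway dropping a client-supplied `x-user-role: admin` before injecting the verified role, rejecting an expired token and one whose payload was edited after signing, and the internal service refusing identity headers from any peer other than the gateway.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed for this example: an HS256 key shared by the identity provider and the gateway,
# and the mesh (SPIFFE) identity the gateway's pod runs as. A production gateway would verify
# the IdP's RS256/ES256 signature with its public key instead of a shared secret.
JWT_KEY = b"example-hs256-key-not-for-production"
GATEWAY_IDENTITY = "spiffe://cluster.local/ns/prod/sa/gateway"
USER_HEADERS = {"x-user-id", "x-user-role"}  # injected by the gateway, never accepted from clients

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(claims: dict) -> str:
    """Issue an HS256 JWT. Present only to construct test input for this example."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(JWT_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"

def verify_token(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims when signature and expiry hold, otherwise None."""
    now = time.time() if now is None else now
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # pin the algorithm: "none" or a downgrade is refused
            return None
        expected = hmac.new(JWT_KEY, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(body_b64))
        if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
            return None
        return claims
    except (ValueError, TypeError, AttributeError):
        return None

def gateway(request: dict, now: Optional[float] = None) -> Optional[dict]:
    """Edge hop: validate the bearer JWT, drop client-supplied X-User-* headers, inject the
    verified identity. Returns the request to forward, or None (respond 401)."""
    auth = request["headers"].get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    claims = verify_token(auth[len("Bearer "):], now)
    if claims is None or "sub" not in claims or "role" not in claims:
        return None
    # Case-insensitive strip: "x-user-role: admin" from the client must not survive this hop
    headers = {k: v for k, v in request["headers"].items() if k.lower() not in USER_HEADERS}
    headers["X-User-ID"] = str(claims["sub"])
    headers["X-User-Role"] = claims["role"]
    return {"path": request["path"], "headers": headers}

def user_service(request: dict, peer_identity: str) -> tuple:
    """Internal hop: X-User-* is only meaningful when the mTLS peer is the gateway.
    peer_identity is assumed to come from the client certificate the mesh terminated."""
    if peer_identity != GATEWAY_IDENTITY:
        return 403, "only the gateway may call this service"
    user_id, role = request["headers"].get("X-User-ID"), request["headers"].get("X-User-Role")
    if user_id is None or role is None:
        return 401, "missing identity headers"
    if request["path"].startswith("/admin/") and role != "admin":
        return 403, "admin role required"
    return 200, f"user {user_id} ({role}) ok"

def demo(now: float = 1_700_000_000.0) -> dict:
    """The cases a reviewer checks; returned as a dict so they can be asserted on."""
    good = mint_token({"sub": 42, "role": "user", "exp": now + 300})
    expired = mint_token({"sub": 42, "role": "user", "exp": now - 1})
    head, _, sig = good.split(".")  # re-use a valid signature over an edited payload
    forged = f"{head}.{_b64url_encode(json.dumps({'sub': 42, 'role': 'admin', 'exp': now + 300}).encode())}.{sig}"
    smuggle = {"path": "/admin/users",
               "headers": {"Authorization": f"Bearer {good}", "x-user-role": "admin"}}
    forwarded = gateway(smuggle, now)
    return {
        "forwarded_role": forwarded["headers"]["X-User-Role"],
        "smuggled_survived": any(k.lower() == "x-user-role" and v == "admin"
                                 for k, v in forwarded["headers"].items()),
        "expired_rejected": gateway({"path": "/me", "headers": {"Authorization": f"Bearer {expired}"}}, now) is None,
        "forged_rejected": gateway({"path": "/me", "headers": {"Authorization": f"Bearer {forged}"}}, now) is None,
        "admin_via_gateway": user_service(forwarded, GATEWAY_IDENTITY)[0],
        "me_via_gateway": user_service(gateway({"path": "/me", "headers": {"Authorization": f"Bearer {good}"}}, now),
                                       GATEWAY_IDENTITY)[0],
        "direct_call": user_service({"path": "/admin/users",
                                     "headers": {"X-User-ID": "1", "X-User-Role": "admin"}},
                                    "spiffe://cluster.local/ns/prod/sa/batch-job")[0],
    }

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

`demo()` returns `forwarded_role` as `user` (the smuggled `admin` never reaches user-svc), `admin_via_gateway` and `direct_call` as 403, `me_via_gateway` as 200. The `peer_identity` check is the part people forget: without it the header stripping at the gateway protects nothing, because any pod that can open a connection to user-svc can write the headers itself.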
# 5. Audit log sensitive operations
# Record who did what to which object and the outcome, as structured fields so the
# events can be queried; never log secrets, tokens or card data
import structlog
log = structlog.get_logger("audit")
log.info("payment_charged",
         user_id=42, amount=99.99, service="payment-svc")
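Added example, not from the original page: an audit helper on the standard library that refuses incomplete events and masks values that must not be logged. The required field list, the sensitive-key set and the card-number pattern are conventions constructed for this example; the `audit` logger is assumed to be routed to an append-only sink separate from the application log.

```python
import json
import logging
import re
import time
import uuid

audit_log = logging.getLogger("audit")  # route this logger to an append-only sink, not the app log

# Constructed conventions for this example: fields every audit record must carry,
# keys whose values never belong in a log, and a card-number pattern to mask in free text.
REQUIRED = ("actor_id", "action", "target", "outcome", "service")
SENSITIVE_KEYS = {"password", "db_password", "token", "authorization", "card_number", "cvv"}
PAN_RE = re.compile(r"\b\d{13,19}\b")

def build_audit_record(now=None, **fields) -> dict:
    """Validate and sanitise one audit event; raises rather than emitting an incomplete record."""
    missing = [f for f in REQUIRED if f not in fields]
    if missing:
        raise ValueError(f"audit record missing required fields: {missing}")
    record = {"ts": time.time() if now is None else now, "event_id": str(uuid.uuid4())}
    for key, value in fields.items():
        if key.lower() in SENSITIVE_KEYS:
            record[key] = "[REDACTED]"  # keep the key so the event shape stays stable
        elif isinstance(value, str):
            record[key] = PAN_RE.sub("[PAN]", value)  # mask card numbers pasted into free text
        else:
            record[key] = value
    return record

def audit(**fields) -> str:
    """Emit one JSON line per event; returns the line so callers (and tests) can inspect it."""
    line = json.dumps(build_audit_record(**fields), sort_keys=True)
    audit_log.info(line)
    return line

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    audit(actor_id=42, action="payment_charged", target="order-77", outcome="success",
          service="payment-svc", amount=99.99, note="charged card 4111111111111111")
```

Raising on a missing field is deliberate: a silently partial audit record is worse than a failed request, because it looks complete when the incident is investigated later.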
# 6. K8s NetworkPolicy: allow-list traffic
# Start from default-deny ingress and egress in the namespace, then allow only the flows
# a service needs (gateway -> user-svc, user-svc -> DNS / Vault / database). NetworkPolicy
# is only enforced when the cluster's CNI supports it (e.g. Calico, Cilium); on a CNI
# without enforcement the objects are accepted and silently do nothing
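Added example, not from the original page: the three manifests that implement the allow-list for user-svc in a namespace `prod`. The namespace, the pod labels (`app: gateway`, `app: user-svc`, `app: vault`), and the ports are assumptions for this example; the `kube-dns` labels and the `kubernetes.io/metadata.name` namespace label are the Kubernetes defaults.

```yaml
# Default deny: no pod in the namespace accepts or sends traffic unless a policy allows it
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: prod
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]
---
# user-svc accepts connections only from gateway pods, only on its service port
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: user-svc-allow-gateway
  namespace: prod
spec:
  podSelector:
    matchLabels:
      app: user-svc
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: gateway
      ports:
        - protocol: TCP
          port: 8080
---
# Egress user-svc still needs once default-deny is in place: cluster DNS and Vault
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: user-svc-egress
  namespace: prod
spec:
  podSelector:
    matchLabels:
      app: user-svc
  policyTypes: [Egress]
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
    - to:
        - podSelector:
            matchLabels:
              app: vault
      ports:
        - protocol: TCP
          port: 8200
```

Apply the default-deny first and watch for breakage before adding allow rules; the DNS egress rule is the one most often forgotten, and without it every service lookup fails. With a sidecar mesh the port that actually accepts the connection is the sidecar's inbound port, so check the mesh documentation before pinning `port: 8080`.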