How to create a public key store for microservices?
I implemented a set of microservices in a docker enviornment. And each of these services communicate with each other using JWT tokens. When service A calls to service B
- Service A, sign the token using his private key and pass to service B
- service B, gets the public key of ServiceA from a public key store and verify the token
Public/private key generation process is done by microservices itself and then they will pass the public key to the public key store. So the only thing that the public key store has to do,
- Store public keys send by services
- Send correct public key to services on request
What I am going to do is similar to what shows in this diagram.
I got above image from: https://www.youtube.com/watch?v=dBdZrw2pPvc&t=462s
So my problem is, are there any standard implementation of this kind of public key stores? If so what are they?
If security is not important:
- Redis: https://redis.io/
- Consul: https://www.consul.io/
- Etcd: https://coreos.com/etcd
- Zookeeper: https://zookeeper.apache.org/
If security is important:
- Vault: https://www.vaultproject.io/
- Conjur: https://www.conjur.com/
- Thycotic: https://thycotic.com/
- Docker Secrets: https://docs.docker.com/engine/swarm/secrets/
Honestly there are a bunch more options, but these are some of the most famous and vetted by the DevOps community.
- How can i use a reverse shell over global Internet?
- Should I Manually Patch the Pandas DataFrame.query() Vulnerability or Wait for an Official Update?
- C# - Securely storing a password locally
- how to secure keys for API calls from android device to amazon services
- Should I add application.properties to .gitignore if the Git repository is private and both the server and DB are on an internal network?
- Understanding the port numbers of a network connection strings in systemd output of an ubuntu device
- Disable firefox same origin policy
- SecurityError: Blocked a frame with origin from accessing a cross-origin frame
- Securely decoding a Base64 character array in Java
- Is There a Security Risk Using ADB Over TCP/IP for Wireless App Development in Expo?
- Is it a good idea to distribute docker image containing my selfsigned certificate?
- Is it possible to externalize nested components
- How can I make a file trully immutable (non-deletable and read-only)?
- Buzz words in architecture document
- Docker and securing passwords
- Security implications of adding all domains to CORS (Access-Control-Allow-Origin: *)
- Is it possible to browse a spreadsheet when an importrange has been authorized?
- Wordpress ==> SSL ==> MySQL is this configuration possible?
- How to Create Secure(TLS/SSL) Websocket Server
- Attackers might be trying to steal your information from (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
- openapi generator unauthorized 401 via $ref url in yaml
- Deploying a Mercurial Repository to Production - Security Concerns and Tips
- How to find tables using row access policies in Snowflake
- Issue with CORS origin linked to API key
- How to track hacking attempts on a website
- Encrypting AES key with RSA public key
- Why Does OAuth v2 Have Both Access and Refresh Tokens?
- How to make copilot not leak secret credentials (neovim)?
- Clear GPG Cache/Password after Encryption in Linux Terminal
- Keycloak: Role based client log-in access restriction for users