Chapter 10. Workload Identities

Once you complete your API authorization and deploy your APIs to Kubernetes, you are likely to have some further API security requirements, since OAuth alone does not solve all API security problems. Some security best practices, like hardening of containers and authorizing access to Kubernetes cluster resources, are outside the scope of this book. Instead, we want to highlight some characteristics of cloud-native environments that can help to meet the following OAuth-related requirements:

  • Malicious parties must be unable to read confidential internal API traffic.

  • Only trusted clients must be able to reach the target APIs.

  • Malicious parties must be unable to impersonate your APIs by using their secrets.

  • Malicious parties must be unable to gain API access with a stolen token.

Cloud-native infrastructure security provides additional building blocks that enable ...
