Terry Beavis | Wednesday, August 5th, 2020
The government programme started with no security requirements for encrypting information in transit (TLS). After a review, a new requirement was introduced to encrypt all in-flight communications using TLS.
- Use HashiCorp Vault as central CA
- Implement encryption in transit for all in-flight communications
The solution was designed and implemented using the service mesh pattern in standalone infrastructures using HashiCorp Consul, Vault, Consul Template, HAProxy and NGINX.
Some successful POCs were performed to check the viability of the solution.
The main benefit of this design was that applications only had to change the endpoint configurations to speak with the sidecar proxy (no extra development required). The changes happened within DevOps at the infrastructure level.
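A sketch of how these pieces can fit together with an HAProxy sidecar, added here as an illustration and not taken from the programme's own configuration: Consul Template requests the sidecar certificate from Vault's PKI engine and renders the HAProxy configuration from the Consul catalogue. The Vault address, PKI mount and role (`pki/issue/sidecar`), service names (`billing`, `orders`), ports and file paths are all assumptions, and `ca.pem` is assumed to hold the Vault CA certificate distributed separately.

```hcl
# consul-template.hcl (added example; addresses, paths, ports and names are assumptions)
vault {
  address = "https://vault.example.internal:8200"
}
consul {
  address = "127.0.0.1:8500"
}

# Sidecar certificate issued by Vault (the central CA), written as the single
# PEM file HAProxy expects: certificate, issuing CA, private key.
template {
  destination = "/etc/haproxy/certs/sidecar.pem"
  perms       = 0600
  command     = "systemctl reload haproxy"
  contents    = <<EOT
{{ with secret "pki/issue/sidecar" "common_name=billing.service.consul" "ttl=24h" }}
{{ .Data.certificate }}
{{ .Data.issuing_ca }}
{{ .Data.private_key }}
{{ end }}
EOT
}

# HAProxy sidecar config; upstream instances come from the Consul catalogue.
template {
  destination = "/etc/haproxy/haproxy.cfg"
  command     = "systemctl reload haproxy"
  contents    = <<EOT
defaults
    mode tcp
    timeout connect 5s
    timeout client 1m
    timeout server 1m
# Inbound: terminate TLS, pass plaintext to the local application.
frontend inbound_tls
    bind :8443 ssl crt /etc/haproxy/certs/sidecar.pem
    default_backend local_app
backend local_app
    server app 127.0.0.1:8080
# Outbound: the application's endpoint becomes 127.0.0.1:9001 (loopback only);
# the sidecar adds TLS and verifies the peer's chain and name against the CA.
frontend outbound_orders
    bind 127.0.0.1:9001
    default_backend orders
backend orders
{{ range service "orders" }}
    server {{ .Node }}-{{ .Port }} {{ .Address }}:{{ .Port }} ssl verify required ca-file /etc/haproxy/certs/ca.pem verifyhost orders.service.consul
{{ end }}
EOT
}
```

Because the certificate has a 24-hour TTL in this sketch, Consul Template re-requests it before expiry and reloads HAProxy, so rotation needs no application change.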
Implement the service mesh pattern for microservices architectures using containers.
POCs were performed and solution design was delivered.