Watch Nic Jackson's DevOpsCon 2018 session

Microservice authentication and authorization

JAXenter Editorial Team

Why are microservice authentication and authorization both required and how can you identify the differences between them? Watch Nic Jackson’s DevOpsCon 2018 session and learn all about microservice authentication and authorization, how to secure your microservices and many more!

In this talk, Nic Jackson shows how you can secure your microservices, identify the difference between authentication and authorization, and why both are required. He investigates some common patterns for request validation, including HMAC and JWT to avoid the confused deputy problem, and also how you can manage and secure secret information.

Finally, you learn how you can leverage tools like the open source HashiCorp Vault as well as features from cloud providers like AWS and GCP, to keep your systems and users secure. The key takeaways from this talk are:

  • Using JWT for Authz
  • How to implement two-factor authentication into your applications
  • Securing microservice secrets
  • Implementing TLS and MTLS
  • Securing database access, don’t be the next Equifax
  • Encryption in transit, secure your data
  • Building a secure secret access policy


Nic Jackson is a developer advocate and polyglot programmer working for HashiCorp, and the author of “Building Microservices in Go” a book which examines the best patterns and practices for building microservices with the Go programming language. In his spare time, Nic coaches and mentors at Coder Dojo, teaches at Women Who Go and GoBridge, speaks and evangelizes good coding practice, process, and technique.



Leave a Reply