Microservice Security Scaffold
Secure a microservice: generate service-to-service JWT, set up mTLS certificates, configure API gateway headers.
このレシピの使いどころ
Secure microservice architectures with defense in depth: JWT for identity, mTLS for transport, HMAC for request integrity, and CORS at the gateway.
ステップ
Secret Generator
このツールを試す →Per-service secrets
JWT Generator
このツールを試す →Service JWT tokens
RSA Key Generator
このツールを試す →Generate mTLS keys
CORS Generator
このツールを試す →API gateway CORS
HMAC Generator
このツールを試す →Request signing between services
よくある質問
JWT vs mTLS for service-to-service auth?
Use both. mTLS verifies the service identity at the transport layer (which server is calling). JWT carries authorization claims (what the service is allowed to do). Defense in depth.
Do microservices need CORS?
Not between backend services (they communicate directly). CORS is needed at the API gateway/BFF layer where browser clients connect. Internal services should reject all browser requests.
関連レシピ
Website Launch Checklist
Complete pre-launch checklist: SEO meta tags, Open Graph, sitemap, robots.txt, and security headers.
Full-Stack Security Setup
Comprehensive security setup: password hashing, JWT auth, CSP, CORS, security headers, and 2FA.
Freelancer Financial Toolkit
Essential freelancer tools: project margin calculator, invoice tip estimator, and expense split for teams.
Blog Post SEO Optimization
Optimize blog posts with meta tags, Open Graph, SERP preview, and structured data for maximum visibility.