Securing Microservices

Welcome to the third chapter in our journey to learn modern Go cloud programming. In this chapter, we will secure the restful API service that was authored in the preceding chapter. 

Before we start ping into the code we need to write, there are some key concepts that we have to cover in order to provide a decent knowledge foundation.

As we covered in the preceding chapter, web applications need to make use of HTTP (which is an application-level protocol) in order to communicate. HTTP by itself is not secure, which means that it sends data over plain text. Obviously, if we are trying to send credit card information or sensitive personal data, we would never want to send it as a clear text. Fortunately, HTTP communications can be secured via a protocol known as TLS (Transport Layer Security). The combination of HTTP and TLS is known as HTTPS.

In this chapter, we will cover the following topics:

• The internal workings of HTTPS
• Securing microservices in Go