You are viewing a previous version of KrakenD Community Edition (v2.2) , go to the latest version

Zero-trust policy

Document updated on Mar 13, 2023

Real-world API deployments suffer attacks every day, even if you don’t notice it. Where there is an accessible server, there is malicious activity.

The Zero Trust security is a software architecture design choice to deny by default any activity unless specifically allowed. This type of policy is very secure, but usually adds a lot of burden on infrastructure administrators. KrakenD offers a balance of tools and default secure choices to ease the administration while keeping the software secure.

Zero Trust pillars

Explicit declaration
Least-privilege access
Assume breach

Nothing behind the corporate firewall is safe. Nothing behind the gateway is safe. The Zero Trust model assumes breach and verifies each request as it originates from an open network. Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to “never trust, always verify.”

Every access request with tokens is fully authorized, and decrypted before granting access. Segmentation by multiple criteria and least-privilege access principles are applied to minimize lateral movement.

KrakenD assumes the following behaviors when serving an API:

No endpoints exposed unless explicitly declared:
- No possible scan of the upstream services
- No Zombie APIs as all routes are typed. No possibility to leave unnoticed endpoints behind
No header, query string, or cookie forwarding unless explictly declared which ones:
- Injections limited because only what is explicitly declared is the atack surface
TLS defaults to TLS v1.3, the most secure, and rejects older versions
OWASP recommendations applied risks mitigated, including but not limited to the Top 10:

Community Documentation

Zero-trust policy

Zero Trust pillars

Unresolved issues?