Overview
Zero-trust identity fabric enforcing mutual TLS across all platform services. Every service-to-service call is authenticated and encrypted — no implicit trust inside the cluster.
Key Capabilities
- Istio-based service mesh with STRICT mTLS mode
- SPIFFE/SVID workload identity per service
- step-ca PKI with Cloud KMS-backed root CA
- AuthorizationPolicy enforcement at pod level
- Audit log sink for every authenticated call