Zero-trust network with Consul Connect & Docker

TL;DR: Docker's namespacing capabilities can be used to enforce a service-to-service zero-trust network with Consul Connect. To do so, you simply have to override a few default settings of the Consul Agent and the app's proxy so they're able to talk to each other, and use Docker's "container" network to allow the app and its proxy to chat together through the shared loopback interface of their own private namespace.

Extract the PKCS#12 file from the .sswan

Open the .sswan file; you should see something like this: "type": "ikev2-cert". According to the documentation, this means certificate authentication. We'll need a CA certificate (usually provided separately, but don't worry if it's not) along with a client certificate and a private key. We'll use the content of the p12 field of the .sswan file to get all of this.
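
The step described above, as an added example that is not part of the original post: it reads the p12 value from a .sswan profile, checks that it decodes to something shaped like a PKCS#12 container, and writes it with owner-only permissions. It assumes the profile is JSON and the p12 value is Base64; the function names, the nesting under "local" and the sample profile are assumptions made for illustration.

```python
import base64
import binascii
import json
import os

# Constructed sample: 5-byte stub, not a real container; "local" nesting is assumed.
SAMPLE_PROFILE = json.dumps({"type": "ikev2-cert", "local": {
    "p12": base64.b64encode(b"\x30\x03\x02\x01\x03").decode()}})


def find_p12(node):
    """Depth-first search for a "p12" string value in the parsed profile."""
    if isinstance(node, dict):
        if isinstance(node.get("p12"), str):
            return node["p12"]
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found = find_p12(child)
            if found is not None:
                return found
    return None


def extract_p12(profile_text):
    """Return the raw PKCS#12 bytes embedded in a .sswan profile."""
    profile = json.loads(profile_text)
    if not isinstance(profile, dict) or profile.get("type") != "ikev2-cert":
        raise ValueError("profile does not use certificate authentication")
    encoded = find_p12(profile)
    if encoded is None:
        raise ValueError("no p12 field in profile")
    try:
        der = base64.b64decode("".join(encoded.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError("p12 field is not valid Base64") from exc
    # Shape check only: a PFX is a SEQUENCE whose first element is INTEGER 3.
    if len(der) < 5 or der[0] != 0x30:
        raise ValueError("decoded data is not an ASN.1 SEQUENCE")
    header = 2 + (der[1] & 0x7F if der[1] & 0x80 else 0)  # tag + length bytes
    if der[header:header + 3] != b"\x02\x01\x03":
        raise ValueError("decoded data is not a PKCS#12 v3 container")
    return der


def write_private(path, data):
    """Create the file with mode 0600 and refuse to overwrite an existing one."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
```

The file written by `write_private` holds the client's private key, so it is created owner-only from the start rather than tightened afterwards.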