From 7e928b03c5efb333984f86733217b48d5ea17274 Mon Sep 17 00:00:00 2001 From: Michael Malone Date: Tue, 12 Feb 2019 12:09:55 -0800 Subject: [PATCH] readme updates announced autocert & added "connect with mtls" image --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.md b/README.md index 3f9fbf5c..2a374e99 100644 --- a/README.md +++ b/README.md @@ -16,10 +16,22 @@ prone. Good security hygiene is hard. Setting up simple PKI is out of reach for many small teams, and following best practices like proper certificate revocation and rolling is challenging even for experts. +Amongst numerous use cases, proper PKI makes it easy to use mTLS (mutual TLS) to improve security and to make it possible to connect services across the public internet. Unlike VPNs & SDNs, deploying and scaling mTLS is pretty easy. You're (hopefully) already using TLS, and your existing tools and standard libraries will provide most of what you need. If you know how to operate DNS and reverse proxies, you know how to operate mTLS infrastructure. + +![Connect it all with mTLS](https://raw.githubusercontent.com/smallstep/certificates/master/autocert/connect-with-mtls.png) + +There's just one problem: **you need certificates issued by your own certificate authority (CA)**. Building and operating a CA, issuing certificates, and making sure they're renewed before they expire is tricky. This project provides the infratructure, automations, and workflows you'll need. + + This project is part of smallstep's broader security architecture, which makes it much easier to implement good security practices early, and incrementally improve them as your system matures. +> ## 🆕 Autocert +> +> +> If you're using Kubernetes, make sure you [check out autocert](autocert/README.md): a kubernetes add-on that builds on `step certificates` to automatically injects TLS/HTTPS certificates into your containers. + ### Table of Contents - [Installing](#installing)