Transparent TLS

Authenticated and encrypted connections between services are essential for the security and verifiability of confidential applications. These properties are provided by mutual TLS authentication (mTLS). Normally, the applications inside the Marbles must support mTLS, be configured correctly, and be provisioned with the necessary secrets.

Transparent TLS (TTLS) can wrap any connection in TLS on the MarbleRun layer. MarbleRun adds secure communication to your cluster even if your application doesn't support the required TLS features. Just define the desired connections in the manifest.

TTLS is currently available with EGo Marbles. Other runtimes will be supported in future.

Authentication and credentials

By default the Marble's credentials are automatically configured. Connections between two Marbles are mutually authenticated.

You can use custom credentials defined in the manifest's secrets, as described in the manifest workflow. This can be useful when connecting from outside the cluster, to always serve the same certificate.