What is Zero Trust?
A security model that verifies every request regardless of network location.
Zero Trust is a security framework based on the principle 'never trust, always verify.' Unlike perimeter-based security (trust everything inside the network), Zero Trust treats every user, device, and service as potentially hostile regardless of where it is. Every access request is authenticated, authorized, and encrypted. In Kubernetes, mTLS between services (via Istio/Cilium), RBAC for API access, and network policies implement zero-trust principles.
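The three Kubernetes controls named above, written out as manifests; this is an added example, not configuration from the original page. It assumes Istio is installed and the cluster's CNI enforces NetworkPolicy; the namespace payments and the service account orders-reader are hypothetical names.

```yaml
# Constructed example: namespace "payments" and service account "orders-reader" are hypothetical.
# 1. Network policy: deny all ingress and egress for every pod in the namespace by default.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: payments
spec:
  podSelector: {}          # empty selector = every pod in the namespace
  policyTypes:
    - Ingress
    - Egress
---
# 2. mTLS (Istio): reject plaintext traffic to workloads in the namespace.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: payments
spec:
  mtls:
    mode: STRICT           # PERMISSIVE would still accept unauthenticated plaintext
---
# 3. RBAC: a Role limited to reading pods, bound to a single service account.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: payments
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]   # no create/update/delete, no secrets
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: orders-reader-pod-reader
  namespace: payments
subjects:
  - kind: ServiceAccount
    name: orders-reader
    namespace: payments
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-reader
```

The default-deny policy also blocks DNS egress, so each workload needs an explicit allow policy for the flows it requires before it can communicate.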
More Security Terms
DevSecOps
Integrating security practices into every stage of the DevOps pipeline.
Falco
A runtime security tool that detects anomalous behavior in containers using eBPF/syscalls.
JWT (JSON Web Token)
A compact, self-contained token format for transmitting claims between parties.
mTLS (Mutual TLS)
Two-way TLS authentication where both client and server verify each other's certificates.
OAuth2
An authorization framework allowing third-party apps limited access to user accounts.
OIDC (OpenID Connect)
An identity layer on top of OAuth2 that provides user authentication.