Security and Governance with Choreo

How to implement security and governance for your microservices with Choreo

Introduction

Enterprise application development has come a long way from the large monolithic applications to microservices-based, domain-driven applications with 10s, 100s, or even 1000s of independent services. When you have a distributed system, implementing shared functionality such as security, observability, and access controls can be a time-consuming task if you are to implement them on each service. In most cases, these capabilities are provided through a centralized component such as an API gateway and an external log monitoring solution. If you are developing enterprise applications, you should spend time configuring these tools and engaging them with your applications in a manual way.

Choreo methodology

Choreo is a platform for developers. It takes the burden of deploying and managing shared services and components from the developers. Instead, Choreo provides these capabilities to the developers with the simplest of configurations such as a button click. There is no difference for security and governance as well. Developers can enable security and governance for the applications they develop in Choreo using the API management capabilities of Choreo. The figure below depicts the Chore interface that can be used to configure these capabilities into your applications.

Figure: Choreo API Management features

Choreo comes with a built-in API Management feature set that covers the shared functionality for services such as

• Security
• Rate-limiting (Usage plans)
• Lifecycle management
• Observability

These capabilities can be enabled directly from the same interface that we used to deploy the services. In Choreo, managing the service as an API is an intrinsic feature. Developers don’t need to worry about writing separate code or building APIs on a separate tool. Developers can control all the required features from the Choreo interface using a browser. There is no need to create an API by pointing to the service definition such as Swagger or OAS in Choreo. It happens automatically. Then the developers can control the lifecycle from the same interface.

Figure: Choreo API lifecycle management feature

Security and rate-limiting policies can also be configured for each resource in the API with simple configurations without changing the code. In addition to that, different subscription plans can also be configured from this interface.

All these additional capabilities let developers focus more on building business logic rather than worrying about these additional capabilities.