Securing Dapr deployments

Best practices and instructions on how to secure your Dapr applications

Setup & configure mutual TLS

Encrypt communication between Dapr instances

Configure API authorization with OAuth

Enable OAUTH authorization on Dapr endpoints for your web APIs

Enable token based API authentication

Require every incoming API request to include an authentication token before allowing that request to pass through

Last modified January 30, 2021: Update (#1118) (10c2d21)