zero-trust
SKILL.md
Zero Trust Architecture
Implement a "never trust, always verify" security model.
Core Principles
```yaml
zero_trust_principles:
  - Verify explicitly (authenticate all access)
  - Least privilege access
  - Assume breach (micro-segmentation)
  - Continuous validation
  - End-to-end encryption
```
Identity-Based Access
```yaml
# Service mesh mTLS
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
spec:
  mtls:
    mode: STRICT
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: frontend-to-backend
spec:
  selector:
    matchLabels:
      app: backend
  rules:
    - from:
        - source:
            principals: ["cluster.local/ns/default/sa/frontend"]
```
Network Segmentation
```yaml
# Kubernetes Network Policy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
```
Implementation Steps
- Identify sensitive resources
- Map access patterns
- Implement strong authentication
- Apply micro-segmentation
- Enable logging and monitoring
- Continuous verification
Best Practices
- Identity-aware proxies
- Device trust verification
- Context-based access
- Encrypted communications
- Continuous monitoring
Related Skills
- service-mesh - mTLS implementation
- kubernetes-hardening - K8s security
Repository
bagelhole/devop…t-skills
GitHub Stars
13
First Seen
Feb 4, 2026