PS Product SecurityKnowledge Base

mTLS / Service Identity Review Checklist

  • What is the trust domain?
  • Which component issues workload certificates?
  • Where do workload private keys live?
  • What rotates automatically and what needs operator action?
  • Is strict mTLS enforced or still permissive?
  • Is application authorization separate from transport authentication?
  • Can non-production trust anchors be accepted by production workloads?