zero-trust

📁 bagelhole/devops-security-agent-skills 📅 9 days ago
1
Total installs
1
Weekly installs
#52171
Site-wide rank
Install command
npx skills add https://github.com/bagelhole/devops-security-agent-skills --skill zero-trust

Installs by agent

opencode 1
codex 1
claude-code 1

Skill documentation

Zero Trust Architecture

Implement a “never trust, always verify” security model.

Core Principles

zero_trust_principles:
  - Verify explicitly (authenticate all access)
  - Least privilege access
  - Assume breach (micro-segmentation)
  - Continuous validation
  - End-to-end encryption

Identity-Based Access

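# Service mesh mTLS
# With no selector, this applies to every workload in the namespace it is
# created in (mesh-wide when created in the Istio root namespace).
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
spec:
  mtls:
    mode: STRICT  # accept only mutual-TLS traffic, no plaintext
---
# No action is set, so this is an ALLOW policy: once it selects app=backend,
# requests from any principal other than the one listed are denied.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: frontend-to-backend
spec:
  selector:
    matchLabels:
      app: backend
  rules:
  - from:
    - source:
        # Identity taken from the caller's mTLS certificate (service account)
        principals: ["cluster.local/ns/default/sa/frontend"]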

Network Segmentation

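# Kubernetes Network Policy
# Default deny: the empty podSelector matches every pod in the namespace, and
# listing both policy types with no rules blocks all ingress and egress
# (including DNS lookups) until other policies allow specific traffic.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress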

Implementation Steps

  1. Identify sensitive resources
  2. Map access patterns
  3. Implement strong authentication
  4. Apply micro-segmentation
  5. Enable logging and monitoring
  6. Continuous verification

Best Practices

  • Identity-aware proxies
  • Device trust verification
  • Context-based access
  • Encrypted communications
  • Continuous monitoring
