ALTS authentication

Overview

Application Layer Transport Security (ALTS) is a mutual authentication and transport encryption system developed by Google. It is used for securing RPC communications within Google’s infrastructure. ALTS is similar to mutual TLS but has been designed and optimized to meet the needs of Google’s production environments. For more information, take a look at the ALTS whitepaper.

ALTS in gRPC has the following features:

• Create gRPC servers & clients with ALTS as the transport security protocol.
• ALTS connections are end-to-end protected with privacy and integrity.
• Applications can access peer information such as the peer service account.
• Client authorization and server authorization support.
• Minimal code changes to enable ALTS.

gRPC users can configure their applications to use ALTS as a transport security protocol with few lines of code.

Note that ALTS is fully functional if the application runs on Compute Engine or Google Kubernetes Engine (GKE).

gRPC Client with ALTS Transport Security Protocol

gRPC clients can use ALTS credentials to connect to servers, as illustrated in the following code excerpt:

import grpc

channel_creds = grpc.alts_channel_credentials()
channel = grpc.secure_channel(address, channel_creds)

gRPC Server with ALTS Transport Security Protocol

gRPC servers can use ALTS credentials to allow clients to connect to them, as illustrated next:

import grpc

server = grpc.server(futures.ThreadPoolExecutor())
server_creds = grpc.alts_server_credentials()
server.add_secure_port(server_address, server_creds)