Code Room
System designHardsd-g624
Subject Zero trust mtls authLevel Senior–Staff~50 minCommon in Security interviewsIndustries Technology

Question

Design a zero-trust service-to-service authentication system for a microservice fleet of 6,000 services across multiple clusters, where every internal call must be mutually authenticated and authorized — no implicit trust from being 'inside the network.' Each workload needs a cryptographic identity, certs must rotate frequently (hours), and a compromised node must not be able to impersonate other services. Target adds <3ms per hop and must not require app-code changes. Cover identity issuance, mTLS enforcement, authorization, and rotation.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.

Narrate your design
Loading whiteboard…
Run or narrate your approach, then ask the coach.