零信任架构实施指南：原理、代码示例与最佳实践 | 云原生安全

zero-trust-architecture by aj-geddes/useful-ai-prompts

129 周安装量

141 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill zero-trust-architecture

云服务微服务架构安全

🇨🇳中文介绍

零信任架构

概述

基于"永不信任，始终验证"的原则，实施全面的零信任安全架构，核心包括以身份为中心的安全、微分段和持续验证。

适用场景

云原生应用
微服务架构
远程工作人员安全
API 安全
多云部署
遗留系统现代化
合规性要求

快速开始

最小工作示例：

// zero-trust-gateway.js
const jwt = require("jsonwebtoken");
const axios = require("axios");

class ZeroTrustGateway {
  constructor() {
    this.identityProvider = process.env.IDENTITY_PROVIDER_URL;
    this.deviceRegistry = new Map();
    this.sessionContext = new Map();
  }

  /**
   * 验证身份 - 你是谁？
   */
  async verifyIdentity(token) {
    try {
      // 验证 JWT 令牌
      const decoded = jwt.verify(token, process.env.JWT_PUBLIC_KEY, {
        algorithms: ["RS256"],
      });

      // 检查令牌是否已被撤销
      const revoked = await this.checkTokenRevocation(decoded.jti);
      if (revoked) {
        throw new Error("Token has been revoked");
// ... (完整实现请参阅参考指南)

参考指南

目录下的详细实现：

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

指南	内容
零信任网关	零信任网关
服务网格 - 微分段	服务网格 - 微分段
Python 零信任策略引擎	Python 零信任策略引擎

🇺🇸English

Zero Trust Architecture

Overview
When to Use
Quick Start
Reference Guides
Best Practices

Overview

Implement comprehensive Zero Trust security architecture based on "never trust, always verify" principle with identity-centric security, microsegmentation, and continuous verification.

When to Use

Cloud-native applications
Microservices architecture
Remote workforce security
API security
Multi-cloud deployments
Legacy modernization
Compliance requirements

Quick Start

Minimal working example:

// zero-trust-gateway.js
const jwt = require("jsonwebtoken");
const axios = require("axios");

class ZeroTrustGateway {
  constructor() {
    this.identityProvider = process.env.IDENTITY_PROVIDER_URL;
    this.deviceRegistry = new Map();
    this.sessionContext = new Map();
  }

  /**
   * Verify identity - Who are you?
   */
  async verifyIdentity(token) {
    try {
      // Verify JWT token
      const decoded = jwt.verify(token, process.env.JWT_PUBLIC_KEY, {
        algorithms: ["RS256"],
      });

      // Check token hasn't been revoked
      const revoked = await this.checkTokenRevocation(decoded.jti);
      if (revoked) {
        throw new Error("Token has been revoked");
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

Guide	Contents
Zero Trust Gateway	Zero Trust Gateway
Service Mesh - Microsegmentation	Service Mesh - Microsegmentation
Python Zero Trust Policy Engine	Python Zero Trust Policy Engine

Best Practices

✅ DO

Verify every request
Implement MFA everywhere
Use microsegmentation
Monitor continuously
Encrypt all communications
Implement least privilege
Log all access
Regular audits

❌ DON'T

Trust network location
Use implicit trust
Skip device verification
Allow lateral movement
Use static credentials

Weekly Installs

108

Repository

aj-geddes/usefu…-prompts

GitHub Stars

116

First Seen

Jan 21, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

gemini-cli91

opencode91

codex87

cursor82

claude-code82

github-copilot74