It’s Friday morning and you’re about to wrap early on your weekly development sprint. The PR uses a new browser feature, so there’s one thing left to do before merging: test it with HTTPS. You ask Google how to get a certificate for development, and they point you to the stackoverflow article aptly titled “how to get a localhost certificate”. Only one cryptic incantation of openssl command line flags stands between you and an early weekend:
$ openssl req -new -x509 -sha256 -days 3650 \ -subj “/C=US/ST=CA/O=My Org/CN=my-app.localhost” \ -addext “subjectAltName = DNS:my-app.localhost,DNS:*.my-app.localhost” \ -newkey ec:<(openssl genpkey -genparam -algorithm ec \ -pkeyopt ec_paramgen_curve:P-256) -noenc
You text your partner and let them know you’ll be working late tonight.
Developing with Encryption
If you have found yourself manually provisioning certificates this way it’s likely because you were trying to accomplish another goal altogether, such as:
Web workers for in-app notifications and background processing.
Bi-directional streaming in your internal gRPC service.
Integrating an OAuth or webhook service that requires a HTTPS callback URL.
Service-to-service encryption without a sidecar or mesh layer proxy.
Testing XSS and CSRF resilience.
Chances are your company uses an ACME powered certificate authority in your staging and production environments, so provisioning certificates for your public domain isn’t something you’ve even thought about. But what about in development? And how about for your backend services?
Introducing Anchor
As of today, Anchor is live with features for local development. Adding TLS/HTTPS to your development process has never been easier or faster. It takes just a few keystrokes to enable your Ruby, JavaScript, Go, and Python apps. No need to deal with DNS, complicated CLI commands, or cypher suites.
Check out this 2 minute video to see just how quick and easy it is to add TLS & HTTPS to your development environment.
Loading...
What’s Next
We are starting with local development, but we have big plans. For more info about where we’re headed, check out part 1 and part 2 of this series. Stay tuned for staging & production deployment support in the future.
Effortless Encryption
Anchor is a developer-oriented service that sets up TLS encryption on your applications, APIs, and services for you. It gives you everything you need to effortlessly encrypt your applications and the clients that consume them across all deployment environments.
Get started building your applications with encryption; Anchor is free for local development. We’ll soon be releasing the next wave of features that brings the promise of Anchor to your staging and production environments.
Signup for Anchor at https://anchor.dev/ and add TLS to your development process in minutes.