CtrlK
BlogDocsLog inGet started
Tessl Logo

mtls-configuration

Configure mutual TLS (mTLS) for zero-trust service-to-service communication. Use when implementing zero-trust networking, certificate management, or securing internal service communication.

73

1.02x
Quality

59%

Does it follow best practices?

Impact

97%

1.02x

Average score across 3 eval scenarios

SecuritybySnyk

Advisory

Suggest reviewing before use

Optimize this skill with Tessl

npx tessl skill review --optimize ./tests/ext_conformance/artifacts/agents-wshobson/cloud-infrastructure/skills/mtls-configuration/SKILL.md
SKILL.md
Quality
Evals
Security

Evaluation results

100%

19%

Zero-Trust Migration for a Fintech Service Mesh

Istio mTLS migration policy

Criteria
Without context
With context

Mesh-wide STRICT mode

100%

100%

Legacy namespace PERMISSIVE

100%

100%

Payment port STRICT

50%

100%

Metrics port disabled

50%

100%

PeerAuthentication API version

100%

100%

DestinationRule ISTIO_MUTUAL

100%

100%

DestinationRule API version

0%

100%

No production DISABLE

100%

100%

Migration rationale documented

100%

100%

workload selector present

100%

100%

100%

Automated Certificate Management for Healthcare Microservices

cert-manager certificate lifecycle

Criteria
Without context
With context

Short-lived duration

100%

100%

Early renewBefore

100%

100%

Server auth usage

100%

100%

Client auth usage

100%

100%

Short name DNS

100%

100%

Namespace-qualified DNS

100%

100%

FQDN DNS

100%

100%

Uses ClusterIssuer

100%

100%

CA-backed issuer

100%

100%

Renewal rationale documented

100%

100%

Certificate API version

100%

100%

92%

Securing External API Connections and Diagnosing mTLS Failures

External service TLS modes and debugging

Criteria
Without context
With context

MUTUAL mode for partner API

100%

100%

Client cert in MUTUAL

100%

100%

Private key in MUTUAL

100%

100%

CA certs in MUTUAL

100%

100%

SIMPLE mode for analytics API

100%

100%

CA certs in SIMPLE

0%

0%

No client certs in SIMPLE

100%

100%

istioctl tls-check in runbook

100%

100%

Cert expiry check in runbook

100%

100%

Debug log level in runbook

100%

100%

DestinationRule API version

100%

100%

No DISABLE mode used

100%

100%

Repository
Dicklesworthstone/pi_agent_rust
Commit

47823e3

Evaluated
Agent
Claude Code
Model
Claude Sonnet 4.6

Table of Contents

Zero-Trust Migration for a Fintech Service MeshAutomated Certificate Management for Healthcare MicroservicesSecuring External API Connections and Diagnosing mTLS Failures

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.

Claim skill