Solid reference for implementing mutual TLS across service meshes, with working configs for Istio, Linkerd, and SPIFFE/SPIRE. The debugging section actually helps when TLS handshakes fail, showing specific istioctl commands to check certificate status and peer authentication policies. The templates cover the migration path from PERMISSIVE to STRICT mode that most teams need. The certificate rotation examples are practical, including the base64 decode pipeline to check expiry dates. The best practices section cuts through the usual security theater to focus on operational concerns like short-lived certificates and a proper CA hierarchy.
npx skills add https://github.com/wshobson/agents --skill mtls-configuration