Our DevSecOps journey with Golang
By Aditya Kumar, Engineer at Macquarie Group
Our focus is to deliver a leading digital banking experience to our customers and in order to achieve this, our applications need to be highly scalable and highly performant. As part of our cloud transformation journey we identified components that needed an uplift to achieve our aspirations. Based on this we decided to adopt a microservice architecture to break down the monoliths and locate these services in the Cloud.
We decided to experiment with GoLang. Go is a statically typed language that is lightweight, performant, can handle heavy loads and is suited to our continuous delivery methodology. Our DevOps Engineers have found the built in features of speed and concurrency support as well as the microservice framework lowers the adoption time for microservice development.
A key concern of deploying our microservices to the Cloud is security. Below we will walk through the process we took to secure a microservice in the Cloud using Go and the AWS service, Key Management Service (KMS)
The ‘encrypting a secret’ use case is straightforward and can be completed by using the CLI commands provided by AWS.
However the ‘decrypting a secret’ use case is more complex as it is used during authentication of a REST microservice call. We need it to be fast and Golang being a strong contender when we are looking for fast, low memory and highly concurrent solutions. Our solution is to create a KMS Decrypt function in Go so that it can be invoked from any source i.e. an EC2 instance or in an AWS Lambda.
Basic Architecture Diagram
Key Libraries while performing KMS Decrypt
KmsDecrypter Function
Setting up the AWS session object plays a crucial role as it provides with the session to create KMS Client
Once the session object is created, we can invoke the KMS Decrypt using the code below
Invoking the KmsDecrypter Function
The KmsDecrypter function can now easily be incorporated in our microservices to secure the transactions.
Results Summary and Learnings
The below table outlines the results achieved.
During Cold Start, a Golang microservice, the decrypt function took only 85 ms to execute. Whereas an equivalent Java based microservice took 1378ms to execute.
An average comparison between Java 11 and Golang for the subsequent calls is as follows on a Golang Function Running on same environment:
GoLang achieved a much faster (16x) cold start time as compared to the performance of Java 11. Once started, the steady state performance of GoLang proved to me much more efficient Java 11 , only taking 8 ms per call vs 11 ms for Java.
Overall our experience of Go is that it is both performant and reliable, we are excited to be able to leverage this new technology and will continue to evaluate appropriate areas to adopt it.
This blog post starts a journey of adoption of microservices built in Go leading to the development of fast, scalable and secure applications deployed to the Cloud.
“Knowledge only increases with sharing and we will be back with some more exciting solutions.”
