In a previous instalment I wrote about protecting SSH keys at rest, probably someone with a sharp eye has spotted that I’m using ed25519 signature scheme to generate my SSH key-pair. In this post I’m going to delve the use os elliptic-curve signatures and why they are a good fit for a modern and scalable operation. An overview on SSH encry...
Photo by Richard Payette on Unsplash Houston we have a problem. Where Are My SSH Keys? Unencrypted private SSH keys can be compromised,leaked or lost in may circumstances . Accidental commits into SCMs (git), unencrypted hard drives, backups and decommissioned hardware among the most common ways to scatter these sensitive credentials all o...
On AWS cloud platform, permissions management are defined by the IAM identities which consist of users, groups of users, or roles with attached scoped policies and most of these policies are defined as Json documents. AWS IAM is a vast topic and requires lot of practices to understand all the actions for any AWS service and its principals. Hence...
Today Terraform can be considered the de facto infrastructure as code software tool. Whilst the first releases were quite smooth to transition from a version to another. On May 2019 we have got Terraform 0.12 and all the sudden many of us discovered that our modules and code were no longer working with the new version. Lot of us found themselves...
Packer is a free and open source tool to create golden machine images for various platforms and operating systems using single source configuration. I have been using packer to solve quite few interesting problems, from hardening Linux servers, create AWS EC2 ami’s with encrypted boot volume in order to achieve full disk encryption, Virtuabox ma...
A bit of history….. Since I started to use terraform back in 2015 (good old days), the state management has been quite painful for individuals and teams. The biggest concerns about state management were state corruption, state leak (usually trough a git public repo) and state deletion, unintentional or intentional. Then terraform remote state ...
These days, where the “everything as code” paradigm is pretty much everywhere in the information technology world, infrastructure, containers and applications are configured and deployed usually via declarative tools (Terraform, Ansible, Helm) making the development and deployment consistent and repeatable. However, somewhere where the automate...