68thAirhacksQ&A.md

Ask questions and see you on November 1st, 6 PM CET: http://www.ustream.tv/channel/adambien

Also check out the recent episode:

67th airhacks.tv

Please keep the questions Java EE-stic. That means: as short and as concise as possible. Feel free to ask several, shorter questions.

deratzmann commented Oct 23, 2019

Hi Adam.

Last time I asked about how to pass secret data in Quarkus without checking in the secret to git.

Of course I know the often propagated way to use system or environment properties.

BUT: In my eyes it is not “production ready” when you write a DB password or sth like that to an environment variable.

By printing “env” someone (hacker, sysadmin, technician from outside the team) has the easiest way to get my DB password. Often some servers also print out the vars in the log.

So I think this is not a good way, especially to meet the requirements of security compliances of a company.

What is your opinion about that?

As we use Payara as application server, there is a way to store these secrets as a domain password alias and reference it with simple injections.

So my question last time was: Is there a way in Quarkus to store and read a password safely without using system or environment vars?

Thanks.

Best regards from Hamburg.

Bastian

comdotlinux commented Oct 25, 2019

Hello Adam,

I really like the Web Components approach and not having to rely on and fix versions of npm and dependencies in the package.json.
Further, the code is extremely fast because almost everything is cached!

The question is: how do you handle i18n in Web Components? I could not find a reliable answer which doesn't need some package from npm!

Thanks,
Guru

comdotlinux commented Oct 25, 2019

> Hi Adam.
>
> Last time I asked about how to pass secret data in Quarkus without checking in the secret to git.
>
> Of course I know the often propagated way to use system or environment properties.
>
> BUT: In my eyes it is not “production ready” when you write a DB password or sth like that to an environment variable.
>
> By printing “env” someone (hacker, sysadmin, technician from outside the team) has the easiest way to get my DB password. Often some servers also print out the vars in the log.
>
> So I think this is not a good way, especially to meet the requirements of security compliances of a company.
>
> What is your opinion about that?
>
> As we use Payara as application server, there is a way to store these secrets as a domain password alias and reference it with simple injections.
>
> So my question last time was: Is there a way in Quarkus to store and read a password safely without using system or environment vars?
>
> Thanks.
>
> Best regards from Hamburg.
>
> Bastian

Hello Bastian,
I think Quarkus just had a release and they have a new plugin that may be interesting to you: https://quarkus.io/blog/quarkus-0-26-1-released/
The name is https://www.vaultproject.io/ and the guide is here: https://quarkus.io/guides/vault-guide

The extension comes with a MicroProfile config source so you can directly inject secured properties coming from Vault in your application.

Hope this helps. But it will be interesting to hear what Adam thinks of not only this project but also how we can go about using something else. Who knows, maybe there will be a standard MicroProfile API which vendors can implement for secrets!

Thanks,
Guru

mhrnr commented Oct 31, 2019

Hi Adam,

I'm using JSR-375 Security API in my Jakarta EE project with the out-of-the-box LdapIdentityStore, for example:

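```java
import javax.enterprise.context.ApplicationScoped;
import javax.security.enterprise.identitystore.IdentityStore;
import javax.security.enterprise.identitystore.LdapIdentityStoreDefinition;

// Connection settings are hard-coded in the annotation attributes.
@LdapIdentityStoreDefinition(url = "ldap://dc:389",
                             bindDn = "CN=...",
                             bindDnPassword = "...",
                             useFor = IdentityStore.ValidationType.VALIDATE)
@ApplicationScoped
public class LdapIdentityStore {
}
```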

Is it possible to define the attributes for the IdentityStore (url, bindDn, ...) programmatically (without writing a custom IdentityStore)? I do not want to hard-code them in the Java class. For example, I want to read them from environment variables.

kind regards
Markus
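
One way to keep these values out of the class, as an added example that is not part of the original comment: the Java EE Security API 1.0 allows EL expressions in the String attributes of `@LdapIdentityStoreDefinition`, so they can point at a CDI bean. The bean name `ldapConfig` and the variables `LDAP_URL`, `LDAP_BIND_DN` and `LDAP_BIND_PASSWORD_FILE` are assumptions; the bind password is read from a file so that the secret itself never shows up in `env` output.

```java
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Named;
import javax.security.enterprise.identitystore.IdentityStore;
import javax.security.enterprise.identitystore.LdapIdentityStoreDefinition;

// The EL expressions are resolved by the container at runtime against the
// bean below, so no URL, DN or password is compiled into the class.
@LdapIdentityStoreDefinition(url = "#{ldapConfig.url}",
                             bindDn = "#{ldapConfig.bindDn}",
                             bindDnPassword = "#{ldapConfig.bindDnPassword}",
                             useFor = IdentityStore.ValidationType.VALIDATE)
@Named("ldapConfig") // hypothetical bean name referenced from the expressions
@ApplicationScoped
public class LdapConfig {

    // Non-secret settings come from (assumed) environment variables.
    public String getUrl() { return required("LDAP_URL"); }

    public String getBindDn() { return required("LDAP_BIND_DN"); }

    // Only the *path* of the secret is in the environment; the password
    // lives in a file readable by the server's user (e.g. a mounted secret).
    public String getBindDnPassword() {
        String path = required("LDAP_BIND_PASSWORD_FILE");
        try {
            byte[] raw = Files.readAllBytes(Paths.get(path));
            return new String(raw, StandardCharsets.UTF_8).trim();
        } catch (IOException e) {
            // Fail closed, and keep the secret out of the message.
            throw new UncheckedIOException("cannot read LDAP bind password file", e);
        }
    }

    private static String required(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("missing environment variable " + name);
        }
        return value;
    }
}
```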

agimshen commented Oct 31, 2019

Hello Adam

What is the best way to achieve consistency in microservices?
What is Quarkus? As a Jakarta EE developer in 2019, should you care/learn about Quarkus, what are its benefits or drawbacks?

Thank you

robert-niestroj commented Oct 31, 2019

In one of your podcasts you talked with Robert Scholte about maven clean and that it should not be used. So my question: if this command exists, when should it be used? Why is it not removed or deprecated? Recently I stopped using clean and after a while ran into a problem. After a dependency upgrade in pom.xml, the dependency appeared twice in the /target folder (old and new version), causing a problem at runtime. mvn clean solved the problem. I think it still has its place.

gbourant commented Nov 1, 2019

Hi Adam,

Let's assume that you are building a service and you have to deploy it on bare metal servers using either of the below:

  1. Docker/Docker Swarm (no auto scaling feature out of the box)
  2. Kubernetes
  3. OKD/OpenShift

Since I would like to use the out-of-the-box auto scaling feature, I would choose the 2nd or 3rd option.

My question is: OKD/OpenShift puts another layer of abstraction on top of Kubernetes; is it worth using OKD/OpenShift with the extra layer/complexity?

Thank you.

guiphh commented Nov 1, 2019

Hi Adam,
First, thank you for the show and the podcast, really inspiring and great resources :)

Now the questions:

  1. I've created a Quarkus app and I'm using FreeMarker to template the HTML frontend because I find it simple and easy to implement. Is it a good approach and how do I secure my app against CSRF attacks and so on...? Or do I need to use JavaScript only and POST JSON?

  2. In your Hibernate with Panache video, the properties of the Workshop class are left public. Could you please explain why?

  3. I've used your enhydrator to do a PoC for ETL work. Would you still recommend it nowadays (now that Nashorn has been deprecated) or would you recommend a new approach?

Thank you,
Guillaume

sebargarcia commented Nov 1, 2019

Hi Adam, looking at the specs in MicroProfile (Config, OpenAPI, Health Check, Metrics, etc.), do you recommend including and using them in a monolithic Jakarta EE app (single WAR)? Because if an application server like Payara, WildFly or TomEE already includes them, we can use them and keep our WAR thin. What are the benefits of these libraries in a monolithic app?

Thank you.

dempile commented Nov 1, 2019

Hi Adam,
We have completed the whole microservices connection system with CDC and an Apache Kafka cluster and it's time to go to production. Do you think it's recommended to use OKD 3.11 instead of OpenShift 3.11? If not, what kind of alternative do you recommend in a self-hosted, on-premise environment?
Thanks
