Let's take a look at how we can configure TLS for our microservice using Vault
The first thing we need to do is to create a mount point in Vault for our TLS certificates
Nicholas Jackson nicholasjackson
📺
I spoke at an event in Oslo where Vesselin gave a talk about how honey pots could be used to automate network security by automatically updating cloud armor rules to block the attacker.
At the time I was giving a talk on Terraform and Vault, but as I watched Vesselin's talk I wanted to build a system that could automate firewall rules using Terraform.
Providing remote access to applications and systems requires secure routing to the destination and credentials to authenticate the user. Traditionally, you achieve this using a Virtual Private Network (VPN) or a Bastion server to bridge into the private network. Credentials are generally provided individually, created as part of a manual process, and with password rotation on a best-intention basis. This is problematic as access is usually too broad, difficult to audit, and complex to maintain.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh -e | |
| echo "[$(date +%T)] Deregister boundary worker" | |
| # Read the worker id from the file written on startup | |
| worker_id=$(cat ./worker_id) | |
| # Base url for the HCP cluster | |
| base_url="https://${cluster_id}.boundary.hashicorp.cloud/v1" | |
| auth_url="${base_url}/auth-methods/${auth_method_id}:authenticate" | |
| dereg_url="${base_url}/workers/${worker_id}" |
nicholasjackson
/ keymap.json
Created
April 13, 2020 10:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "title": "command + h/j/k/l/u/i to arrow keys and home end", | |
| "rules": [ | |
| { | |
| "description": "Change Command + h/j/k/l to Arrows", | |
| "manipulators": [ | |
| { | |
| "type": "basic", | |
| "from": { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // To view the default settings, hold "alt" while clicking on the "Settings" button. | |
| // For documentation on these settings, see: https://aka.ms/terminal-documentation | |
| { | |
| "$schema": "https://aka.ms/terminal-profiles-schema", | |
| "defaultProfile": "{2c4de342-38b7-51cf-b940-2309a097f518}", | |
| "profiles": | |
| [ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Consul connect and Nginx | |
| ## Example docker compose | |
| ```yaml | |
| nginx: | |
| image: nginx:latest | |
| volumes: | |
| - ./docker-compose-nginx.conf:/etc/nginx/nginx.conf:ro | |
| ports: | |
| - "8181:80" |
nicholasjackson
/ message_protocol.md
Last active
January 23, 2018 12:17
Generic message protocol for OpenFaaS Afterburner
Implementing HTTP request parsing is problematic for Afterburner functions, and requires a full implementation of the HTTP RFC for each request to ensure compliance with the standard.
This proposal sets out an example of a simple text based protocol which is language agnostic, off-loading the parsing of the request to the watchdog not the function handler.
[HEADER required] \r\n [BODY optional] 0\r\n\r\n
NewerOlder