- Setup Keycloak in non-HA mode (replica 1)
- Disable UserFederation
- You might have to increase the resource limits to avoid that pod being killed by memory or CPU limits
See Keycloak Documentation for more details.
.terraform/
*.pem
*.tf
*.tfstate
*.yaml
*.backup
istio-*/
cert-manager-*/
*.swp
env
# ssh key generator data source expects the below 3 inputs, and produces 3 outputs for use:
# "${data.external.ssh_key_generator.result.public_key}" (contents)
# "${data.external.ssh_key_generator.result.private_key}" (contents)
# "${data.external.ssh_key_generator.result.private_key_file}" (path)
data "external" "ssh_key_generator" {
  program = ["bash", "${path.root}/../ssh_key_generator.sh"]
  query = {
    customer_name  = "${var.customer_name}"
    customer_group = "${var.customer_group}"
This is a guide that I wrote to improve the default security of my website https://fortran.io, which has a certificate from LetsEncrypt. I'm choosing to improve HTTPS security and transparency without consideration for legacy browser support.
I would recommend these steps only if you have a specific need for information security, privacy, and trust with your users, and/or maintain a separate secure.example.com domain which won't mess up your main site. If you've been thinking about hosting a site on Tor, then this might be a good option, too.
The best resources that I've found for explaining these steps are https://https.cio.gov, https://certificate-transparency.org, and https://twitter.com/konklone.
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
# org/repo (e.g. karlkfi/probe)
REPO=$1
# range (e.g. 1.8.4..1.8.5)
RANGE=$2
#!/usr/bin/env bash
#
# Purpose: Create a Swarm Mode cluster with a single master and a configurable
# number of workers.
# This script is a mirror of the following gist, which is used to
# populate a Medium story. Unfortunately, there's no way to synchronize all
# three
#
# Medium: https://medium.com/contino-io/docker-kata-005-ac8429082f6c
# Gist: https://gist.github.com/anonymuse/502e7bf5c7b67bb95a4250cdccbc5125
#!/bin/bash
# set up some variables
NOW_DATE=$(date '+%Y-%m-%d-%H-%M')
RESTORE_FROM_INSTANCE_ID=<source name>
TARGET_INSTANCE_ID=<target name>
TARGET_INSTANCE_CLASS=db.m4.large
VPC_ID=<vpc subnet id>
NEW_MASTER_PASS=<root password>
screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty
screen -AmdS docker ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty
screen -r docker
# enter, then disconnect with Ctrl-a d
screen -S docker -p 0 -X stuff $(printf root\\r\\n)
screen -r docker
I'm learning about SOPS and setting it up as my preferred mechanism for storing secrets. Here are my notes.
Its security mechanism is that we (i.e. client) use a PUBLIC key from the receiver (i.e. server) and encode it with a random key (I’m saying nonce but it could be reused).
This varies from RSA and SSH because the server uses a PUBLIC key to identify the client.
Web of trust operates by still using PGP (i.e. encoding with recipient’s public key) but additionally, we can encrypt/sign the data as our own by signing it with the client’s private key.
This means the recipient will initially decrypt via our (i.e. client’s) public key (verifying the source) and then decrypt via their (i.e. server’s) private key to get the data.