wrongsecrets
kubernetes-client
wrongsecrets | kubernetes-client | |
---|---|---|
9 | 11 | |
422 | 3,313 | |
- | 1.1% | |
9.7 | 9.7 | |
over 1 year ago | 5 days ago | |
Java | Java | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wrongsecrets
- Learning secrets management in the modern world using OWASP WrongSecrets Project : Hands-on Labs, CTF style challenges
- Learning secrets management in the modern world using OWASP WrongSecrets Project
-
OWASP WrongSecrets Demo - How NOT to store secrets with the project founder Jeroen Willemsen
TL:DR OWASP WrongSecrets is a great project that gamified app that teaches how not to store secrets. The project was created from real examples that Jeroen and others came across in their work as security engineers (Or mistakes they have made) The App uses a number of different technologies such as docker to show common ways secrets are leaked. The challenges get more difficult as you go and give hints and have comments why this is a bad practice. https://github.com/commjoen/wrongsecrets
-
Secure Deployment: 10 Pointers on Secrets Management
OWASP SAMM on secret management Secure deployment Exercises/examples on how(not) to use secrets Canarytokens Have I been pwned? Gitleaks, Trufflehog
- OWASP WrongSecrets: Examples with how to not use secrets
-
What are some free resources for learning hacking?
Maybe to add: Webgoat https://github.com/WebGoat/WebGoat Juice shop https://github.com/juice-shop/juice-shop Wrongsecrets https://github.com/commjoen/wrongsecrets
-
Want to try some secrets hunting?
Hi! Some friends and I are making a p0wnable app around secrets management! Do you want to give a very early version a shot? Check it out over here. And let us know what you think!
kubernetes-client
- FLaNK 25 December 2023
-
I would like to make calls to the K8s API server from within a Java app that is running in a pod. How would I authenticate it to do so?
While that is true I‘d like to suggest taking a look at this client: https://github.com/fabric8io/kubernetes-client
-
Does Fabric8io K8s java client support patch() or rollingupdate() using YAML snippets?
I am trying to program the patching/rolling upgrade of k8s apps by taking deployment snippets as input. I use patch() method to apply the snippet onto an existing deployment as part of rollingupdate using fabric8io's k8s client APIS.. Fabric8.io kubernetes-client version 4.10.1I'm also using some loadYaml helper methods from kubernetes-api 3.0.12.
-
Pod labeling not possible from within pod using Kubernetes on Docker-EE
This approach works fine on our DIND-Kubernetes environment. However, when tried to port the deployment onto a Docker-EE Kubernetes environment we ran into trouble because the command kubectl label pod generates a run time error which is completely misleading (also see https://github.com/fabric8io/kubernetes-client/issues/853).
-
Using Java annotation processor in Scala
To be specific, I am trying to use https://github.com/fabric8io/kubernetes-client/tree/master/crd-generator in scala code. If it is only duplicating one class or so, that seems manageable. But if I need to rewrite everything I am less confident
- Is 6 LPA worth it to work at a startup from 9 AM to 8 PM?
-
Creating scalable microservices for practice?
In terms of spinning up and managing everything, like, the stuff that's not Java apps. But some of the old fabric8 work - the predecessor to jKube - provides Java APIs and utilities to doing things like writing kubernetes operators in Java. Check out the kubernetes-client project. A lot of people never even learn about kubernetes operators, and just think "I have a service, la la la" plug their ears and then assume there will be some magic operational team that will deploy some service mesh app to solve all their problems.
-
How can I deploy a containerized application from code?
Fabric8 is a very good Solution. I played also with k8s provided solution but especially custom resource definitions are a hell. I can recommend fabric8 it’s also used in operators like strimzi https://github.com/fabric8io/kubernetes-client
-
Canceling a Tekton TaskRun with Fabric8 Kubernetes Java Client
As the name says, this article is all about how to Cancel TaskRuns in Tekton using the Fabric8 Tekton client. You can see the latest example code here
-
Difference between service-account token and client certificates for programmatic access
Can the service account token, be used programmtically e.g., using https://github.com/fabric8io/kubernetes-client ?
What are some alternatives?
juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
jkube - Build and Deploy java applications on Kubernetes
trufflehog - Find and verify secrets
dsl - Structurizr DSL
WebGoat - WebGoat is a deliberately insecure application
MockServer - MockServer enables easy mocking of any system you integrate with via HTTP or HTTPS with clients written in Java, JavaScript and Ruby. MockServer also includes a proxy that introspects all proxied traffic including encrypted SSL traffic and supports Port Forwarding, Web Proxying (i.e. HTTP proxy), HTTPS Tunneling Proxying (using HTTP CONNECT) and SOCKS Proxying (i.e. dynamic port forwarding).
Keywhiz - A system for distributing and managing secrets
consul-api - Java client for Consul HTTP API
gitleaks - Protect and discover secrets using Gitleaks 🔑
container-jfr - Secure JDK Flight Recorder management for containerized JVMs
cryptr - Cryptr: a GUI for Hashicorp's Vault
Quarkus - Quarkus: Supersonic Subatomic Java.