enclaver
salty
enclaver
-
PostgreSQL Encryption: The Available Options
If you're looking for the best way to take a container and run it with Nitro, I work on https://github.com/edgebitio/enclaver
Works great with Kubernetes as a DaemonSet or straight on a VM.
-
Ask HN: What Are You Working on This Year?
Building a tool for running secure enclaves called Enclaver (https://github.com/edgebitio/enclaver). There is a big opportunity for keeping data encrypted while running code against it within enclaves.
And a more secure software supply chain is possible with device attestation and cryptographic measurements of software.
-
My company open sourced our tool to mix pods with secure enclaves into a regular EKS cluster
Check out the code on GitHub: https://github.com/edgebitio/enclaver
-
Supabase secrets management available in beta
I'm building the "in-use" part of this right now...what if you could encrypt your data with an encryption key (at-rest), _but also_ to a set of code that is allowed to decrypt it (in-use). If that code is identified cryptographically, its identity can't be spoofed or stolen.
We're exploring secure enclaves as the protected runtime env and the code attestation generation: https://github.com/edgebitio/enclaver
- Enclaver - run code in secure enclaves so it can't be observed by any human (like your iPhone enclave, but on AWS servers instead)
- Show HN: Enclaver – create and run secure enclaves
-
What’s the coolest thing you did this year?
I have been building out an open source project called Enclaver, which allows you to wrap sensitive workloads inside of a secure enclave (the same as your iPhone, but on servers). It's intended for anything you don't want observed, like JWT signers, encryption/decryption, partner integrations using highly privileged API keys, etc.
-
The Security Design of the AWS Nitro System
I found the side channel protection and CPU/L1 isolation between customers to be particularly interesting.
Very cool to see the physical hardware interconnects for resetting the system. Also the PCI bus as one of the isolating boundaries.
I have built an open source project for managing Nitro Enclaves (https://github.com/edgebitio/enclaver), so it is cool to see how these build on this foundation to provide even more protection.
salty
-
Pyinfra: Automate Infrastructure Using Python
Was there any thought to perhaps do a version with an agent? I really like how fast Saltstack can be as compared to Ansible.
I've been using my own homegrown project that does just this - Python roles, server/client, Mako templates: https://github.com/mattbillenstein/salty
It's very very fast to do deploys on long-lived infrastructure, but it hasn't been optimized for large clusters yet; I expect the server process will be a bottleneck with many clients, but still probably faster than Ansible for most setups.
- Linux System Config Management Tools
- It's almost 2023 - How do you logrotate? Seriously.
- Replacement for Chef?
-
What’s the coolest thing you did this year?
And running my own deployment system on this one: https://github.com/mattbillenstein/salty
-
Who's NOT using Kubernetes these days and want to share their exciting bit/tooling?
Slack chatops on top of Saltstack (although I'm experimenting with rolling my own https://github.com/mattbillenstein/salty)
-
Show HN: Salty, a minimalist DevOps tool inspired by Saltstack (and Ansible)
I have a couple of comments and a question:
* please "set -e" and ideally "-euo pipefail" in shell scripts, because encountering an error and defaulting to "this is fine" is usually not going to produce good outcomes in a server automation suite: https://github.com/mattbillenstein/salty/blob/master/example...
* if this had an "else: return 1" equivalent, it wouldn't cause the salty.py to exit(0) on a misunderstood mode: https://github.com/mattbillenstein/salty/blob/master/salty.p...
* maybe this is my ignorance of saltstack, but is there no mechanism through which a sane python editor could help one know what verbs and params are available here? https://github.com/mattbillenstein/salty/blob/master/example...
For example, if those were "from salty import copy" a sane python editor could help in all kinds of ways, but with them just being implicit, the editor doesn't know and now I have to maintain a whole api in my head
What are some alternatives?
vault - Extension for storing encrypted secrets in the Vault
terraform-provider-proxmoxve - Terraform provider for ProxMox Virtual Environment
CFEngine - CFEngine Community
bevy - A refreshingly simple data-driven game engine built in Rust
semaphore - Modern UI for Ansible
VW_Flash - Flashing tools for VW AG control units over UDS. Compression, encryption, RSA bypass, and checksums are supported for Simos18.1/6/10, DQ250-MQB, DQ381-MQB, and Haldex4Motion-Gen5-MQB.
mgmt - Next generation distributed, event-driven, parallel config management!
pgsodium - Modern cryptography for PostgreSQL using libsodium.
ve - The ve toolkit build system
(R)?ex - Rex, the friendly automation framework