cloak
notation
cloak | notation | |
---|---|---|
11 | 7 | |
220 | 289 | |
2.7% | 1.0% | |
5.5 | 8.9 | |
about 1 year ago | 10 days ago | |
Rust | Go | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cloak
-
Ask HN: Co-Founder? Seeking Co-Founder?
SEEKING FOUNDER CEO | Dev Tools | CEO Co-founder | Worldwide | MVP
Lookign for
Someone with experience taking a product to market, someone willing to trade equity for MAUs.
Idea
https://cloak.software/
Current Progress
Ready to onboard users but still a few issues to iron out.
Contact
https://www.linkedin.com/in/ianpurton
-
Launch HN: Infisical (YC W23) – Open-source secrets manager for developers
Hi. I'm also working on an E2E secrets manager. https://github.com/purton-tech/cloak
A few tips.
1. It looks like I'm able to do account enumeration on your login page. For a secure app you want to make sure this is not possible.
- Ask HN: What are some good examples of Rust code bases to read and learn from?
-
Ask HN: Which CI/CD do you use for a monorepo?
You want to take a look at Earthly. https://earthly.dev/
This gives you a mix of docker and a makefile.
The best bit is you can test your pipeline locally and you are vendor agnostic.
I'm using it here https://github.com/purton-tech/cloak
-
Ask HN: Where do you host images for your blog or landing pages?
I commit to a github repo and that gets deployed to cloudflare pages. https://pages.cloudflare.com/
I use Zola the static site generator. My repo is here https://github.com/purton-tech/cloak/tree/main/www
-
Seeking advice on my AuthZ Implementation for web app.
You can see my migrations to switch on RLS here https://github.com/purton-tech/cloak/blob/main/db/migrations/20220808094314_tenancy_isolation.sql
-
Launch HN: DeploySentinel (YC S22) – End-to-end tests that don't flake
Hi we are running selenium tests in our CI/CD pipeline.
We do actually generate a video of the tests running as an example see here https://github.com/purton-tech/cloak/actions/runs/2787628672
We're not using cypress we use webdriver connected to a selenium docker instance.
Is that something you can connect to?
-
Ask HN: How to find a problem a solo founder could and would want to solve?
I can give you a concrete example if that helps.
I looked at the "secrets automation" space and my background is cryptography and web development.
I'm a solo developer so when I look at a problem I have to make the solution small enough that I can actually build it.
I also have to have an idea about how I will get people to use my product i.e. marketing.
In my case 1Password raised 620million in funding based on their acquisition of Secretshub which for me proves there is a market in secrets automation for developers.
I looked at the secretshub product and I was confident I could build it better with easier to use encryption and make it open source.
As the market is developers I feel writing blog articles about software development will give me a route to market.
So I started about 4 months ago. The product is now here https://cloak.software and source code is here https://github.com/purton-tech/cloak
My first article about web development with rust has already had 16K views so I'm confident with the marketing approach. Now the hard works starts of turning visitors into paying users.
Hope this helps.
-
Ask HN: How does your team manage environment variables?
I've just launched an MVP for a solution to this problem. https://cloak.software/
-
Dagger: a new way to build CI/CD pipelines
I've been using Earthly for about 6 months.
Earthly uses Dockerfile style syntax so I don't have to learn a new language, I can leverage my existing knowledge.
Another advantage is that in Earthly I can run up a docker compose within my pipeline so that I have selenium, envoy and postgres running for integration testing.
You can see my integration tests here https://github.com/purton-tech/cloak/blob/main/Earthfile#L14...
Is that possible in dagger?
notation
-
Securing CI/CD Images with Cosign and OPA
Notary v2: The evolution to Notary v2 brought improvements in signature portability and integration with third-party key management solutions. However, it does not provide a certificate authority, leaving public key discovery for open-source image verification as an unresolved issue.
-
Automating Kubernetes Deployments with FluxCD for Patched and Signed Container Images
Notation
-
Level-up Container Security: 4 Open-Source Tools for Secure Software Supply Chain
Notation is another command-line too that lets you digitally sign artifacts. And those signatures essentaily become the stamps of approval for the different things in your software supply chain. For example, container images.
- notaryproject/notation: Notation is a project to add signatures as standard items in the registry ecosystem, and to build a set of simple tooling for signing and verifying these signatures. Based on Notary V2 standard.
-
Getting Started with Notary
Notary is the CNCF project name and is often referenced when referring to the process of signing digital artifacts, but Notation is the command line tool that does the heavy lifting. Run the following commands to install Notation.
- Dagger: a new way to build CI/CD pipelines
-
Making the Internet more secure one signed container at a time
It should be interoperable, that's the goal. I proposed some idea for nv2 here: https://github.com/notaryproject/nv2/issues/39 and here: https://github.com/notaryproject/nv2/issues/40 too.