|19 days ago||5 days ago|
|Mozilla Public License 2.0||Mozilla Public License 2.0|
1 project | reddit.com/r/arbeitsleben | 5 Dec 2021
It's Now Possible to Sign Arbitrary Data with Your SSH Keys
15 projects | news.ycombinator.com | 13 Nov 2021
Yes it is, and they are awesome. git-crypt is a godsend for smaller projects (and maybe larger ones if permissions are granular enough) -- way simpler than sops and other alternatives, with native integration via git filters (smudge). I use it on a ton of projects.
What's the one thing that you or a co-worker implemented for your team that has delivered the most value?
1 project | reddit.com/r/ExperiencedDevs | 7 Nov 2021
Implemented a small wrapper over sops https://github.com/mozilla/sops for credential management. This got rid of all the back and forth when creds were rotated, added or a new team-mate onboarded.
Not sure if DevOps, but a few questions.
2 projects | reddit.com/r/devops | 16 Oct 2021
SOPS is a great tool for managing secrets: https://github.com/mozilla/sops
Secure Key Management in GraphJin the instant GraphQL to SQL service
2 projects | reddit.com/r/golang | 12 Oct 2021
The `graphjin secrets` command will open an editor where you can type in your secure environment variables; on saving, those will be encrypted and saved. In production those variables will be decrypted and used by GraphJin after fetching the decryption key from your cloud key management service. The secrets management has been built using the Mozilla SOPS library https://github.com/mozilla/sops
Just a reminder that the Twitch leak is mostly in GO
1 project | reddit.com/r/golang | 7 Oct 2021
Or something cross-cloud like https://github.com/mozilla/sops
Trying to install MySQL (&Wordpress)
1 project | reddit.com/r/docker | 3 Oct 2021
Note: The secrets file should be generated by the CI/CD at the runtime and should not be in the version control. If you want the secrets file to be in the version control, then you should at least encrypt them and decrypt at the runtime. The encryption/decryption part can be done easily with sops. Which one is the best? Depends, but that's a different topic... Whatever suits you and your needs :)
What's your best practice to backup these sensitive files containing credentials sprinkled through projects?
3 projects | reddit.com/r/commandline | 12 Sep 2021
Ask HN: What do you use GPG for?
2 projects | news.ycombinator.com | 1 Sep 2021
Let's say you bought one of those expensive Yubikeys; the U2F stuff works well enough, and you're wondering if there's anything useful to use GPG for.
Deriving SSH keys, or working with locally encrypted secrets (via [sops](https://github.com/mozilla/sops) for instance) could maybe be something. What use cases do you have where you find GPG useful?
4 projects | reddit.com/r/u_sybrenbolandit | 31 Aug 2021
Mayday, mayday! I need a scalable infrastructure to migrate on Scaleway Elements! Part 1 - Networking & Security
4 projects | dev.to | 12 Nov 2021
For easier visibility and auditing, centrally store API keys in a solution like Vault and in a dedicated project.
A security disaster waiting to happen
1 project | reddit.com/r/facepalm | 3 Nov 2021
Secrets management is how this is done. Products such as Hashicorp Vault allow an application to encrypt and decrypt data without having to store the decryption key within the app itself. Keys can be injected into the app at runtime so that having access to the source code or database does not give access to the keys.
An Update on Our Outage
3 projects | news.ycombinator.com | 31 Oct 2021
Building a "complete" cluster locally
24 projects | reddit.com/r/kubernetes | 31 Oct 2021
hashicorp vault for secret management
A small script to wake up a node that doesn't like to boot
2 projects | reddit.com/r/homelab | 14 Oct 2021
This is not secure. It requires the username/password to be stored in plaintext in the script. If you have the proper backend, you could use keyring, or if you're adventurous you could set up Vault. I may do the latter at some point. Realistically, if you're running this on your home LAN, it's highly unlikely that someone is going to infiltrate it, sniff traffic, acquire your IPMI credentials, and then use them, but you define your own risk tolerance. You could create another IPMI user with limited powers as a mitigation.
Hiding credentials in the curl command in splunk backend
1 project | reddit.com/r/Splunk | 6 Oct 2021
Here's one example: https://www.vaultproject.io/
Vault – Secrets management, encryption as a service and access management
1 project | news.ycombinator.com | 2 Oct 2021
ZFS on desktop - ZFS Noob drowned in information
1 project | reddit.com/r/zfs | 29 Sep 2021
Then do that, jamfour's comment covers the options very well. I personally have a Vault cluster in my home rack and my desktop reaches out to that at boot time for its zfs unlock key (I am currently working on rewriting it for the public eye, a bit more modular too so other methods to try can be added/removed/etc, but not public yet sorry). Any solution you want is typically going to be attainable with a little scripting effort.
Anti-mask FL GOP bookkeeper dies of COVID — leaving party without access to finance software
1 project | reddit.com/r/politics | 20 Sep 2021
Scheduled backup of Vault secrets with Jenkins on Kubernetes
3 projects | dev.to | 14 Sep 2021
Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret while providing tight access control and recording a detailed audit log. https://www.vaultproject.io/
What are some alternatives?
sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
vault-secrets-operator - Create Kubernetes secrets from Vault for a secure GitOps based workflow.
etcd - Distributed reliable key-value store for the most critical data of a distributed system
git-crypt - Transparent file encryption in git
minio - High Performance, Kubernetes Native Object Storage
bitwarden_rs - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs [Moved to: https://github.com/dani-garcia/vaultwarden]
Dokku - A docker-powered PaaS that helps you build and manage the lifecycle of applications
kratos - Next-gen identity server (think Auth0, Okta, Firebase) with Ory-hardened authentication, MFA, FIDO2, profile management, identity schemas, social sign in, registration, account recovery, and IoT auth. Golang, headless, API-only - without templating or theming headaches.
helm-secrets - A helm plugin that helps manage secrets with Git workflow and store them anywhere
argocd-operator - A Kubernetes operator for managing Argo CD clusters.
atlantis - Terraform Pull Request Automation
argo-cd - Declarative continuous deployment for Kubernetes.