Reddit DevOps
How I manage secrets in git

I created a little Git repo showing how I store encrypted secrets in git and then decrypt them at runtime on EC2/ECS/Kubernetes.

[https://github.com/noqcks/GitSecrets](https://github.com/noqcks/GitSecrets)

I created this because sops and other git secret managers make it easy to store the git secrets, but make little mention of operating them once you store them! The documentation can also be quite verbose and confusing.

I've used this previously for personal projects and places I've worked.

What do you think? How do you manage secrets in production?

https://redd.it/g96ywi
@r_devops
How does google cloud platform detect which npm script to run?

Hi,

I just started learning to use Google App Engine. I deployed a Node app, which had an npm script called "dev" so to launch the app using the following command: `npm run dev`. However I never mentioned that command to GCP. Did it guess which one to pick? How does it work?

Thanks.

https://redd.it/g97xfe
@r_devops
Want to get into Devops and want to learn Language, Why python?

Hi All,

Sorry that this post may seem a bit of repetition to others posts, however, I'm hoping someone can answer the specifics of my question, so I can hopefully make the right choice on where to begin.

I have the ability to understand/read basics of code, but in no way am I a developer and would really need to start from scratch for learning a language. And generally speaking everywhere I have worked have been Microsoft one-stop shops, (other than AWS, but they moved to Azure when migrating to O365)

I've had "DevOps" roles in the past. I've worked with AWS, Created networks in the cloud, and those things were generally pretty easy for me to get my head around. I also moved onto a second job in which I was working within a Deployments team, again, advertised as DevOps but it was more Aspects of the role fit into DevOps, than being a DevOps role itself.

Sooooo in regards to languages, I've tried to have a search online regarding what is the best language to learn for starting in Devops, A lot of people are recommending Python.

**But what I don't understand is how does python integrate with things like Azure or AWS? Generally speaking, I thought these platforms mainly used C# or Java?**

**So how can you write in python and it still be used effectively?**

Thanks in Advance

https://redd.it/g94qzs
@r_devops
The tool that really runs your containers: deep dive into runc and OCI specifications

Did you know that regardless of which container tool you use - Docker, Podman, CRI-O - it most likely uses runc under the hood?

In my new article, I am showing what runc is and how to use it, as well as a couple of low level things like working with OCI Runtime bundles directly.

I hope this article will demystify containers for you a bit!

https://mkdev.me/en/posts/the-tool-that-really-runs-your-containers-deep-dive-into-runc-and-oci-specifications

https://redd.it/g97jk4
@r_devops
nginx deployment in multiple environment

I'm doing an AWS CI/CD CodePipeline and CodeBuild with Docker. Dockerfile uses a base NGINX server image. It also has "ADD server.conf" command which copies the config file into the image on Docker build.

Now the problem is, server.conf has a proxy_pass URL (backend service). This proxy_pass URL is different in Dev, Stage and Production.

Is it possible to parameterize this proxy_pass URL in server.conf so the value can be replaced at runtime in the target environment? How is it done? What is the best practice here?

https://redd.it/g91ror
@r_devops
git tagging strategy

I use Jenkins for CI. When I am about to release I check the latest tag and I increment it using an awk 1 liner. It works. I was wondering if I should maintain a file called "release.txt" which will have:

```
githash, tag, message
abcdef, v0.1, initial release
sdfsdf, v0.2, fixed a bug
qqwef, v0.3, added a new feature
```

Then I run a script which will create the appropriate tag and message. Any thoughts about doing a software release this way? Or is there a better way?

https://redd.it/g90wi1
@r_devops
DevOps playground

Hi guys
Is there an online sandbox kind of place where we can practice DevOps, like IaaS, configuration management etc?

https://redd.it/g946sl
@r_devops
Secure your API from DDoS attacks with NGINX and fail2ban

Hi everyone!

Last week our production environment API was attacked by a DDoS attack. I wrote a blog post detailing how we fixed it by using NGINX and fail2ban.

If you have any suggestions or it worked for you, please let me know! I'm not an expert, so I will gladly take suggestions.

[https://blog.rogs.me/2020/04/secure-your-django-api-from-ddos-attacks-with-nginx-and-fail2ban/](https://blog.rogs.me/2020/04/secure-your-django-api-from-ddos-attacks-with-nginx-and-fail2ban/)

Thanks!

https://redd.it/g94fo3
@r_devops
Let’s talk runbooks for a sec.

Everywhere I’ve worked, we had runbooks. I mean, we were super strict about creating runbooks as part of an operational readiness process before releasing a new service. The idea was then to constantly update the runbooks as we went.

However, in my current role, we put a little bit of information into the alert (Datadog monitor -> PagerDuty) itself. But it almost feels like an afterthought and it barely gets updated.

So my question: what do you guys do? Do you have runbooks? If you have runbooks, do you even follow them?

https://redd.it/g92iof
@r_devops
Running Folding@Home on AWS with AWS CDK

I had some credits that were expiring and decided to use them to run Folding@Home on AWS. I did the setup manually at first, and figured this is a good time to get some hands-on on AWS CDK.

My blog post on the same: https://sathyasays.com/2020/04/26/folding-at-home-aws-cdk/

The code is here: https://github.com/SathyaBhat/folding-aws

The code is rough and there's a fair bit of hardcoding - PRs welcome!

https://redd.it/g91kum
@r_devops
New AppSec training platform. Thoughts welcome.

So, a short background about me. I am working my way into pentesting bit by bit (already an IT pro) through online courses, just for the sake of it. For the time being, and until I have sufficient knowledge and experience, I do not plan on focusing on a cybersec career, so I am just enjoying the ride of up-skilling.

That being said, I bumped into this platform on another channel: [https://application.security/](https://application.security/) and even though they do not offer pentesting courses, they do offer secure development training. I was aware of some more well known and established companies, but not of this one.

They seem to be aiming for group registrations but they do have a free section where anyone can practice OWASP best practices.

Just thought it might prove useful to someone here.

- I am in no way affiliated with the specific platform/company

https://redd.it/g8y83t
@r_devops
[Article] So You Inherited an AWS Account

I've found that many AWS security resources tend to be oriented towards developers who are deploying new services or launching new accounts. They tout a variety of best practices and security controls that should (rightfully) be used.

But what happens if the previous account owner leaves, your company acquires another company, or you are somehow given responsibility for a production AWS account that has been running for years and need to quickly secure it? Many of those same security controls become the goal, but not the reality. This is especially true if the previous owners did not have a strong security posture and you're now responsible for implementing security controls while simultaneously keeping production infrastructure running.

This is a guide for developers who find themselves in this position. It covers the immediate must-dos, along with a roadmap for monitoring and migrating the account to a more secure standard.

[https://medium.com/@matthewdf10/so-you-inherited-an-aws-account-e5fe6550607d?sk=138a8800de70d07e158e918d503ff69a](https://medium.com/@matthewdf10/so-you-inherited-an-aws-account-e5fe6550607d?sk=138a8800de70d07e158e918d503ff69a)

https://redd.it/g9nkqh
@r_devops
Good literature for getting started with microservices?

I'm a Junior Developer with solid experience in Docker and some first experiences with Swarm who wants to design and develop scalable high-availability microservice applications. Do you have some book recommendations for me?

https://redd.it/g9ml53
@r_devops
Creating a DigitalOcean Droplet with Terraform

I wrote up a three part starter post series on creating a DigitalOcean droplet using Terraform. I went through creating a droplet, attaching a volume, and using cloud-init to customize the droplet.

Would enjoy any wonderful comments from the glorious reddit community.

[https://bitleaf.io/blog/creating-a-digitalocean-droplet-with-terraform-part-1-of-3/](https://bitleaf.io/blog/creating-a-digitalocean-droplet-with-terraform-part-1-of-3/)

https://redd.it/g9o84o
@r_devops
Getting started with GitHub Actions: concepts and tutorial

If you heard about GitHub Actions, you already know it is a task automation system. The question is when and how to use it? [Here is a handy tutorial to learn how to use GitHub Actions](https://www.padok.fr/en/blog/github-actions).

https://redd.it/g9mex0
@r_devops
AWS Guide: Operating within the AWS Shared Responsibility Model (Lambda, S3, RDS, IAM)

[https://www.cybercoastal.com/aws-guide-operating-within-the-aws-shared-responsibility-model/](https://www.cybercoastal.com/aws-guide-operating-within-the-aws-shared-responsibility-model/)

https://redd.it/g9nlm7
@r_devops
mtk-dump - sanitize and minify your sql dumps


At work we built a replacement for mysqldump so we could:

- sanitize sensitive data
- exclude table data that was not useful for local dev
- specify rules for what rows were exported to reduce the size of the dumps

I'm pretty stoked with what we were able to come up with. I wrote a blog with some examples to show off what it is capable of.

https://www.nicksantamaria.net/post/faster-dumps-smaller-files/

On our worst offending app (a Drupal 8 app) we were able to reduce our sql dump size from:

- 4.5GB with raw mysqldump
- 2.1GB using the --no-data flag on tables we could exclude entirely
- 654MB using mtk-dump, excluding some tables entirely, and also excluding rows that contained unpublished revisions

https://redd.it/g9mwc6
@r_devops
Inspiring to achieve..

I am a 19 year old college drop out with no qualifications but a level 3 apprenticeship, currently working full time as a 1st line service desk analyst. I got into this apprenticeship to proceed further with a degree level cyber security apprenticeship which was advertised through providers etc 2 years ago before I even got into IT; now that I am in IT and completed my level 3 foundation apprenticeship the whole concept of a degree level apprenticeship for cyber security is just a myth and false hope as I have only just discovered that there were never any vacancies, just an option for companies looking to develop their EXISTING staff which my company cannot do because they just can’t facilitate enough experience for a cyber security degree. Now I’m stuck on the service desk, not where I want to be but have developed an open mind, not just for cyber security but DevOps and DevSecOps etc..

I have just ordered the Raspberry Pi 4 and follow the likes of “NetworkChuck” on YouTube, who's also a CBT Nuggets trainer and whom I find really informative and intellectual, and will be following his guide to transform the Raspberry Pi into a learning desktop for Linux x hacking which I have zero knowledge or experience in, hence I was wondering if the amazing community of Reddit could point me to the right direction such as forums, other communities who love to share experience and knowledge, websites to develop my skills and knowledge.
I’m aware of CompTIA and Cisco certified exams and will be looking into doing a CCNA after a CompTIA Linux + as soon as I can start to afford it!

Any advice would be much appreciated, consider me a noob, I’m NOT the average IT kid who’s been coding half my life, I have only just started to grow immense interest in IT watching TED videos on Linus whatever his surname is, the guy who established Linux open source and Git, and even random hardware hacking videos picking up small things like transforming the shadow core rate in AMD gpus into radio frequencies making them hack-able from 50m away through a building which I have no resources at the moment to try but maybe will soon.

I have also posted this to the cyber security community (barely know how reddit works, just joined a few days ago)

https://redd.it/g9mofz
@r_devops
Do you run Django\Sqlalchemy\alembic migrations inside your docker?

I have a python application which relies on a RDBMS (PostgreSQL in my case), I am using alembic for database migrations (table schema changes) that must be performed before my application runs.

How would you handle such a situation? run the migration inside my main application docker before the app?

Or maybe have a different docker for migrations and have the application docker depend on the migration one?

I personally prefer the first option

https://redd.it/g9kn1e
@r_devops
Tutorial: Getting Started with Docker and Containers

Hey Everyone,

I created a tutorial for anyone looking to really understand Docker and Docker Compose basics. It shows you how to create a Dockerfile for a NodeJS app and then link it with a Postgres container using Docker Compose. It takes you through each directive and command and explains what it does.

I'm hoping this fills the gap for some people between using basic docker and beginning to understand how Docker networking works and how you can link more realistic apps together with Docker Compose. This is part of a larger mini series on DevOps but it can stand alone on its own as well.

You'll need git to complete this as you need to clone the repository to your local machine: [https://github.com/opscentric/mini-series/tree/master/docker-and-containers](https://github.com/opscentric/mini-series/tree/master/docker-and-containers)

Feedback welcome and appreciated.

https://redd.it/g9ief3
@r_devops