#office-hours (2022-07)

Meeting password: sweetops

Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cpco.io/slack-office-hours

2022-07-01

2022-07-06

sohaibahmed98
bridgecrewio/AirIAM

Least privilege AWS IAM Terraformer

Erik Osterman (Cloud Posse)
06:00:11 PM

@here office hours is starting in 30 minutes! Remember to post your questions here.

Erik Osterman (Cloud Posse)
Andy Miguel (Cloud Posse)

@Michael Williams

Erik Osterman (Cloud Posse)

https://cloudposse.com/faqs/why-do-you-recommend-spacelift/#:~:text=With%20Spacelift%2C%20you%20have%20an,tech%20debt%20across%20all%20environments.&text=Drift%20Detection%20runs%20on%20a,what’s%20failing%2C%20and%20what’s%20queued

2022-07-09

Sherif

https://github.com/danielfoehrKn/kubeswitch

^ If you find yourself dealing with multiple clusters, and many namespaces, then consider using kubeswitch

danielfoehrKn/kubeswitch

The kubectx for operators.

2022-07-11

2022-07-12

SweetOps
07:31:06 AM
[Ansible vs Terraform - Cloud Posse Explains](https://www.youtube.com/watch?v=kEj-jyMqP_A)
SweetOps
07:31:32 AM
[Don’t Deploy Lambdas with Terraform! (Unless..) - Cloud Posse Explains](https://www.youtube.com/watch?v=KaJuCFCDAAs)
SweetOps
02:51:10 PM
[Why You Shouldn’t Terraform EVERYTHING - Cloud Posse Explains](https://www.youtube.com/watch?v=9hxMPq_iB7Q)
SweetOps
09:50:28 PM
[AWS IAM Growing Pains? Watch This - Cloud Posse Explains](https://www.youtube.com/watch?v=KYeqbllLUFk)

2022-07-13

Erik Osterman (Cloud Posse)
06:00:32 PM

@here office hours is starting in 30 minutes! Remember to post your questions here.

Denis

I’m working on the codebuild repo and I was told to write a migration doc for the newer version of terraform and aws provider. I saw that the same thing was done for the S3 module in a wiki on the repo. Should I write a separate doc in the docs directory and link to it in the repo readme as instructed, or should this be done in a Wiki as for S3 so that this can be consistent? And should my doc/wiki just link to the s3 module upgrade write up and the terraform guide for upgrade to 1.0? Or write the whole thing locally? I think linking it to the actual source would be better, but I want to know if there’s some standard/preference around these things?

Erik Osterman (Cloud Posse)

@Jeremy G (Cloud Posse)

Jeremy G (Cloud Posse)

@Denis Thank you for your contributions!

Putting the migration docs in the Wiki was an experiment, and in the end we decided we did not like it. So we have standardized on creating migration documents in the docs/ directory with names like migration-v1-v2.md. You should then put a summary/highlights in the PR description, which we will then copy to the Release Notes. See, for example, dynamic-subnets v2.

You should not copy the S3 bucket documentation, you should link to https://github.com/cloudposse/terraform-aws-s3-bucket/wiki/Upgrading-to-v2.0 instead.

On the question of what to put in README.yaml, if the breaking changes due to an upgrade could result in data loss, then a warning to that effect should be included in the introduction block. Otherwise, migration docs can be left to just the release notes.

One other thing is to make sure to update the examples in the README, as well as in examples/, for the new interface.

Thanks again!

CC @RB (Ronak) (Cloud Posse)

Sherif

Maybe can be a discussion for another Office Hours, but I now hate Helm Charts :’D

Helm Charts are “Shifting Right” instead of left. Our company’s Helm Charts for our apps (not third party apps) are now so complicated that only a “Platform / DevOps” guy can “debug” them.

We end up needing to parameterize everything, and Go Templates is basically “not enough” for all the logic we need. Curious to know your thoughts, do you feel the same way?

DaniC (he/him)

i have missed the Office Hours, was this topic discussed? If so pls let me know and will watch the recording. Thx

Sherif

https://kpt.dev/ ^ Is interesting tho

kpt - Home

A package-centric toolchain that enables a WYSIWYG configuration authoring, automation, and delivery experience and simplifies managing Kubernetes platforms and KRM-driven infrastructure at scale by manipulating declarative Configuration as Data, separated from the code that transforms it.

Andy Miguel (Cloud Posse)

I think @Sherif asked in the chat if anyone uses Crossplane. @Matt Gowie has been kicking the tires a lot on it lately

Matt Gowie

@Sherif I wasn’t able to make office hours today as I’m teaching, but if you’re interested in chatting Crossplane then feel free to ping me directly!

2022-07-14

SweetOps
01:14:55 AM
[Standardize Your Kubernetes App Monitors! (& How to Handle Exceptions) - Cloud Posse Explains](https://www.youtube.com/watch?v=cEGOdr3ekS8)

2022-07-15

2022-07-20

Matt Gowie

Speaking of AWS SSO ^^ — If we’re lacking topics for today, I would be interested to hear how folks are finding their implementations of AWS SSO w/ SAML vs IAM SAML. I’ve worked with AWS SSO but it was before it had Terraform support and even now that it does have Terraform support, it seems limited. I’d like to hear about any pitfalls, what can and can’t be automated today, and what to watch out for.

Kayode

Nice! i worked on this recently! i’d love to hear about it too.

Erik Osterman (Cloud Posse)

@matt @Jeremy G (Cloud Posse)

Erik Osterman (Cloud Posse)
06:02:10 PM

@here office hours is starting in 30 minutes! Remember to post your questions here.

Erik Osterman (Cloud Posse)

I’m having some technical difficulties (network died) hoping to be back on shortly

Andy

I have a question about best practice when using an API Gateway which handles authorization token validation.

Andy

CURRENT ARCHITECTURE (Authorisation handled by individual services)

Andy

DESIRED ARCHITECTURE (Authorisation handled by the API gateway)

Andy

Questions:

• When offloading token authorisation to the API gateway are all API requests between services essentially unprotected?

• If so how do you manage access to the services (e.g. from developers in the non-prod environment)

Andy

@matt my understanding was that when using an API gateway you could offload the responsibility of validating tokens to the API gateway, so communication behind that didn’t require token validation. Is that incorrect?

Andy

That’s what we were hoping just to simplify our services so they didn’t have to worry about it. (they currently all individually make calls to our token-service to validate tokens)

2022-07-21

venkata.mutyala

Anyone here have a preferred helm chart they would recommend for deploying prometheus + grafana?

venkata.mutyala
kube-prometheus-stack 38.0.2 · prometheus/prometheus-community

kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.

Matt Gowie

Adding another BeyondCorp tool question to the seemingly never ending pile: Has anyone used Cloudflare’s Tunnel + Access products? A prospect just brought it up and I’d be interested to hear if anyone has adopted it and what your experience was.


2022-07-27

Eric Berg

I’m working on pulling out my K8s workload deploys to a non-TF-based solution. What solutions are you using? I’ve come up with paths to using Flux, Github Actions, and Spacelift. I’d like to hear about some approaches you’ve taken, pros/cons, etc.

Erik Osterman (Cloud Posse)
06:02:28 PM

@here office hours is starting in 30 minutes! Remember to post your questions here.

Erik Osterman (Cloud Posse)

Great questions today!

david.gregory_slack

A few weeks ago (been looking through old vids but can’t find it) there was some talk about Control Tower and whether it could be fully Terraformed. IIRC CloudPosse don’t use Control Tower because it can’t. What do you do instead? Just about to embark on building a fresh org to migrate old accounts into and was planning to use ATF to vend new accounts, but the lack of Terraformability put me off and now I can’t really see what I’m getting from Control Tower.

DaniC (he/him)

just a heads up for folks who might consider using ssosync - i’m using it but hit https://github.com/awslabs/ssosync/issues/81 and so i’m now using the fork as mentioned in one of the comments.

Erik Osterman (Cloud Posse)

eek! that’s a big one:
Doesn’t support more than 50 users

DaniC (he/him)

yep, not much can be done unless AWS does some changes to their API … unlikely imo. The fork works for me but then again my entire org is only 200 employees out of which only 2/3 gets synced so not sure if this scales for bigger orgs.

2022-07-28

zadkiel

Hey there. I just heard the concern about multiple MFAs for AWS root accounts. You can use vault, 1pw or authy. You can also just share the mfa seed key with multiple people. Just share the qr code (or qr code content) and ask people to add it to their authenticator. It’s not centralized, so not shared, which means you’ll have to re-share the new key in the event of a renewal, for example. It’s not ideal, but possible.

Jeremy (UnderGrid Network Services)

that is true but that doesn’t do anything for safe storage of the QR code or seed key. You still have to protect that from a potential accidental leak. If you print the QR code with the seed key or save the file, how do you ensure it is kept secure? The suggestions of vault, 1pw and authy all have means by which it can be shared securely and restrict dissemination. I believe that is why they were recommended vs just sharing the seed key or QR code.

Allan Swanepoel

What we did in one previous location was to split the mfa seed key into 3 fragments, and put each fragment in a different safe, and a different guardian assigned to verify that the fragment is tamper proof (used evidence bags and sealed envelopes)

Allan Swanepoel

All three parties had to attend a pseudo key ceremony if it was needed to access the fragment to get access. Not ideal, but better than Single person with single point access


2022-07-29

2022-07-30

managedkaos

Came across this build framework today. The config looks like a cocktail made with one part Dockerfile and one part Makefile. https://earthly.dev/

I’m curious if anyone has tried earthly and what the results were.

Earthly - Better Builds

Build automation for the container era

Matt Gowie

This has come up a few times. It looks pretty cool — I haven’t checked it out yet, but I would like to.


2022-07-31
