Below you will find pages that utilize the taxonomy term “Security”
SOPS To Manage Secrets In Git Repositories
In a previous post, we discussed using age to manage secrets in Git repositories.
In this post, let’s improve our secrets management workflow in Git repositories using SOPS.
sops is an editor of encrypted files that supports popular configuration formats such as YAML and various encryption techniques such as age.
Read the blog post about age to install the package and create the key file.
This time, we will use sops to perform encryption and decryption operations instead of the age command.
DevOps Lab: Run Your Own VPN Server
There are many applications and technologies enabled by VPN. We will focus on one of them in this post: client VPN.
Connecting To A Private Network
If the server you are trying to access is on a private network, you can use a VPN to connect to the network as if you were physically present on the same network. This can be useful if you need to access resources or devices that are only available on the private network.
Age To Encrypt Secrets
Are you storing secrets such as database credentials, API keys, etc. unencrypted in Git repositories? Stop.
To protect your secrets, do not store them anywhere unencrypted, especially in Git repositories. Ideally, your organization must have some vault solution where secrets can be stored and securely shared with people on a need-to-know basis. In many small organizations, having such a central secrets management solution is still a luxury. The need to store such secret information in Git repositories is obvious. There are a few ways in which you can encrypt secrets. We discussed using Ansible Vault in one of the previous blog posts.
Run Your Own OpenVPN Server
Introduction
The article explains how to run your own OpenVPN server. We will create a Certificate Authority Server and an OpenVPN server. We will also generate certificates for the clients. We will also learn how to manage revocation of client certificates using the Ansible roles.
Use the Ansible roles gavika.openvpn and gavika.easy_rsa to install and configure your OpenVPN server.
You can install the OpenVPN server on any public cloud or hosting provider or on-premise servers. The Ansible roles are designed to install the OpenVPN server and a Certificate Authority server.
Simple Password Vault With Ansible
Ansible comes with a vault feature. It is meant to be used in the context of configuration management. But you can also use it as a standalone simple password vault for your personal or organization’s use.
Initial setup of password vault:
- Create or clone a Git or another SCM repository
git init
- Create the password vault
ansible-vault create myvault.secret
Type the new master password and confirm it; ansible-vault will then open your text editor. Type your secrets in the editor, then save and quit. To open your vault for viewing or editing in the future, you will need your vault password.