python |
New posts tagged Python - Qiita |
Let Python do the boring nembutsu chanting |
https://qiita.com/morozumi-kohei/items/b5ee3a6f6e232a66ffa6
|
Japanese Buddhism |
2022-08-14 22:27:32 |
python |
New posts tagged Python - Qiita |
3 handy tools! |
https://qiita.com/YomamaBanana/items/986cb7331748aae552a2
|
markdown |
2022-08-14 22:24:22 |
js |
New posts tagged JavaScript - Qiita |
javaScript_regular expressions, search, replace methods, etc. |
https://qiita.com/ouka_/items/09ab9d1d36dc3ae1bb4d
|
javascript |
2022-08-14 22:05:41 |
Ruby |
New posts tagged Ruby - Qiita |
[Rails] Localizing error messages and time display into Japanese. |
https://qiita.com/vaza__ta/items/268cad88235c4de7940c
|
rails |
2022-08-14 22:55:00 |
AWS |
New posts tagged AWS - Qiita |
I want to raise an error if a file contains an AWS access key |
https://qiita.com/memomaruRey/items/6445fe996c3a9ad0f9ae
|
gitsecrets |
2022-08-14 22:48:08 |
AWS |
New posts tagged AWS - Qiita |
Added an IAM user for the first time but closed the page without downloading the csv...... Here's what to do! |
https://qiita.com/sky_rainy_cloudy/items/06621989214a28713ab7
|
add |
2022-08-14 22:39:19 |
Docker |
New posts tagged docker - Qiita |
I tried installing Docker on Windows11 ② |
https://qiita.com/CatLogic_Blue/items/ad8a8e6117ff604b3019
|
solution |
2022-08-14 22:01:19 |
golang |
New posts tagged Go - Qiita |
gin basics |
https://qiita.com/zurustar/items/776cc21efdc22136d010
|
windows |
2022-08-14 22:03:25 |
Ruby |
New posts tagged Rails - Qiita |
After running ❯ rails g devise:install |
https://qiita.com/satosh_da/items/38f779e6c01b056b08e9
|
ningviaspringpreloaderin |
2022-08-14 22:59:21 |
Ruby |
New posts tagged Rails - Qiita |
[Rails] Localizing error messages and time display into Japanese. |
https://qiita.com/vaza__ta/items/268cad88235c4de7940c
|
rails |
2022-08-14 22:55:00 |
Overseas TECH |
DEV Community |
Hello Embedded World - booting a minimal Linux with Busybox on RISC-V, from source |
https://dev.to/donaldsebleung/hello-embedded-world-booting-a-minimal-linux-with-busybox-on-risc-v-from-source-2ne9
|
Hello Embedded World booting a minimal Linux with Busybox on RISC V from sourceLast time we saw how to boot Ubuntu for RISC V on the QEMU virt board and set up a development environment for C and RISC V assembly That was fun and all but nothing compares to compiling our own Linux kernel and userspace utilities and get that to boot on a virtual or physical RISC V board So we re gonna do it today The RISC V docs actually outlines a process for doing so but unfortunately it is very brief and skips a lot of details and thus may not be suitable for readers new to the embedded world At least it took me a lot of fumbling extra Googling and experimentation to finally get it working This article thus attempts to bridge the gaps in the official docs so it would be easier to follow for a newcomer Let s go PreparationA proper Linux environment If on Windows macOS run a full blown Linux VM with a hypervisor like VirtualBox or VMware WSL on Windows may or may not work and will not be supported in this article The reference distribution is Ubuntu You may have to adapt the instructions and commands accordingly if on another Linux distribution Or for minimal hassle run an Ubuntu VM anyway It is assumed you are already well versed in Linux commands and administration If you get an error like gpg command not found halfway you ll be expected to figure out to sudo apt install gnupg instead of complaining Setting up the host cross compiling Linux and BusyBox for RISC VMain article Running and bit RISC V Linux on QEMURefresh repository metadata sudo apt updateInstall build dependencies for Linux and BusyBox sudo apt install autoconf automake autotools dev curl libmpc dev libmpfr dev libgmp dev gawk build essential bison flex texinfo gperf libtool patchutils bc zlibg dev libexpat dev gitYou ll also need to install qemu system for emulating the RISC V virt board sudo apt install y qemu system LinuxHead over to kernel org and download the latest stable kernel or any other sufficiently 
recent kernel of your choosing For example at the time of writing the latest stable kernel is wget Fetch also the corresponding kernel signature For something as important as an OS kernel it s best to verify its authenticity and integrity wget Decompress the kernel tarball but do not extract the archive yet unxz linux tar xz explains how to verify the signature of the kernel tarball First install gnupg sudo apt install gnupgNow import the keys for Linus Torvalds and Greg Kroah Hartman creator of Linux and lead kernel developer respectively gpg locate keys torvalds kernel org gregkh kernel orgTrust the imported keys Replace the hashes shown below based on the output you got from the previous command gpg tofu policy good DBBDCE gpg tofu policy good BEENow verify gpg trust model tofu verify linux tar signExpected output gpg assuming signed data in linux tar gpg Signature made Thu Aug UTCgpg using RSA key FEBDBEDBBDCEgpg Good signature from Greg Kroah Hartman lt gregkh kernel org gt full gpg gregkh kernel org Verified signatures in the past seconds Encrypted messages Now unpack the tarball tar xvf linux tarAnd enter the source tree pushd linux In order to cross compile for RISC V we need a cross compiler Install gcc riscv linux gnu sudo apt install y gcc riscv linux gnuNow configure the kernel for RISC V make ARCH riscv CROSS COMPILE riscv linux gnu defconfigAnd build it this can take a while make ARCH riscv CROSS COMPILE riscv linux gnu j nproc Now we can leave the source tree popd BusyBoxHead over to busybox net for the BusyBox source code The latest release at the time of writing is Fetch the compressed tarball wget And the SHA hash to verify its integrity wget There also appears to be a signature file for verifying the tarball signature but we ll not cover it here Verify the checksum shasum c busybox tar bz shaExpected output busybox tar bz OKUnpack the archive tar xvf busybox tar bzNow enter the source tree pushd busybox Configure and build for RISC V make sure 
the resulting binary is statically linked CROSS COMPILE riscv linux gnu LDFLAGS static make defconfig CROSS COMPILE riscv linux gnu LDFLAGS static make j nproc We can now leave the source tree popd Preparing the virtual disk rootfsBefore we can boot our virt board we need to prepare a disk image with a root filesystem rootfs The rootfs will mainly be provided by BusyBox though we ll need to create a few additional directories for mount points startup scripts and the like The simplest way to do so is with dd let s make a virtual disk image busybox GB in size dd if dev zero of busybox bs M count Format it with ext filesystem or another supported filesystem of your choice mkfs ext busyboxCreate a mount point rootfs mkdir p rootfsNow mount our virtual disk on our newly created mount directory sudo mount busybox rootfsWe can now install Busybox on this rootfs sudo CROSS COMPILE riscv linux gnu LDFLAGS static make C busybox install CONFIG PREFIX rootfsCreate a few directories for mounting key filesystems like procfs sysfs and devtmpfs for BusyBox to boot correctly sudo mkdir p rootfs proc rootfs sys rootfs devMake sure etc fstab exists to silence a warning on poweroff sudo touch rootfs etc fstabCreate a directory etc init d for startup scripts sudo mkdir p rootfs etc init dBusyBox runs a script etc init d rcS on system startup Let s fill it in and make it executable sudo bash c cat gt rootfs etc init d rcS lt lt EOF bin shecho Hello Embedded World echo Hello RISC V World mount t proc proc procmount t sysfs sysfs sysip addr add dev ethip link set dev eth upip route add default via dev ethEOF sudo chmod x rootfs etc init d rcSUnmount our virtual disk sudo umount rootfsNow onto the exciting stuff Booting our RISC V virt boardLet s run our emulator qemu system riscv nographic machine virt kernel linux arch riscv boot Image append root dev vda ro console ttyS drive file busybox format raw id hd device virtio blk device drive hd netdev user id eth device virtio net device 
netdev ethMost of the options will look familiar to you if you followed our last article so we ll just cover what s new kernel linux arch riscv boot Image remember last time we specified the bootloader Das U Boot here This time we specify an actual kernel image the one we just built This skips the bootloader stage straight to the kernel also know as direct kernel boot It s required in this case since our BusyBox rootfs is not a bootable image append root dev vda ro console ttyS here we append some kernel command line options For example our rootfs at dev vda as seen from within the VM is mounted read only ro and we specify the consoleSince the BusyBox userspace is extremely lightweight it should boot fully within about second Here s what you should see Hello Embedded World Hello RISC V World Please press Enter to activate this console Press Enter as prompted You should drop into a root shell Let s play around View the list of running processes ps auxExample output PID USER TIME COMMAND init kthreadd rcu gp rcu par gp netns kworker eve kworker H ev kworker u ev mm percpu wq rcu tasks trace ksoftirqd rcu sched migration kworker eve cpuhp kdevtmpfs inet frag wq khungtaskd oom reaper writeback kcompactd kblockd ata sff rpciod kworker H ev xprtiod kswapd kworker u ev nfsiod uas mld ipv addrconf jbd vda ext rsv conver bin sh init init init ps auxThat s a really lightweight system You can even run top to view processes and CPU usage in real time topPress q to quit Let s see how much memory we re using versus what s available free mExample output total used free shared buff cache availableMem Swap Again extremely lightweight the VM has about MB memory available and we only used MB Compare that with Ubuntu server on RISC V that fails to boot with MB memory due to insufficient memory Check how much disk space is used available df ThExample output Filesystem Type Size Used Available Use Mounted on dev root ext M M M devtmpfs devtmpfs M M devWe allocated GB for our virtual 
disk and the BusyBox rootfs takes less than MB Let s also test the network Try pinging the host ping c Example output PING data bytes bytes from seq ttl time ms bytes from seq ttl time ms bytes from seq ttl time ms bytes from seq ttl time ms bytes from seq ttl time ms ping statistics packets transmitted packets received packet lossround trip min avg max msGreat Let s see if we can reach servers from the Internet Here s a public IP address for google com ping c Example output PING data bytes bytes from seq ttl time ms bytes from seq ttl time ms bytes from seq ttl time ms bytes from seq ttl time ms bytes from seq ttl time ms ping statistics packets transmitted packets received packet lossround trip min avg max msLet s also view information on the CPU through procfs cat proc cpuinfoOutput processor hart isa rvimafdcmmu svSo our emulated board has a single RISC V CPU core with a single hardware thread hart and the CPU core supports the RVIMAFDC ISA specification where IMAFD can be simplified to just G to give RVGC G for general extensions C for compressed instructions You can read more about the RISC V ISA specification on GitHub which is highly modular with a minimal base ISA plus many optional extensions Play around a bit more then power down the board poweroffThat s it congratulations You ve successfully compiled your own Linux kernel and minimal BusyBox userspace and booted it on a virtual RISC V virt board with QEMU Next stepsIf this article had you craving for more here are a few things you could try to further your adventure The list is by no means exhaustive If you played around a bit more you might ve noticed that DNS resolution does not work inside the board Try to figure out why and fix itTry following this article or the official RISC V docs with a real physical RISC V SoC After all physical hardware is the real dealIf you manage to boot your own embedded Linux on physical RISC V hardware try doing something useful with it such as making it an IoT project 
as part of your smart home |
2022-08-14 13:54:58 |
Overseas TECH |
DEV Community |
Dynamic PostgreSQL credentials using HashiCorp Vault (with PHP Symfony & Go examples) |
https://dev.to/breda/dynamic-postgresql-credentials-using-hashicorp-vault-with-php-symfony-go-examples-4imj
|
Dynamic PostgreSQL credentials using HashiCorp Vault with PHP Symfony amp Go examples I was playing around with HashiCorp Vault trying to integrate dynamic secrets one of many features Vault offers with a web application Basically have a web application connect to a database PostgreSQL using dynamically generated credentials username amp password that you can rotate whenever you want and it ll all be transparent to your app Vault handles the credentials generation and thus creating a corresponding username amp password in PostgreSQL and expiration and thus removing the username from the DB I m by no means a Vault expert this was actually my first hands on with it I thought I d share this article with an example to Be better at writing technical articlesLearn to better articulate amp communicate my thoughtsShowcase real example of using Vault with your application as there aren t many Anyway let s get into it Vault Initial SetupFirst we need to setup some stuff in Vault Installing Vault is really easy so go ahead and do that first Once you get Vault installed on your system you can run the dev server withvault server devIn the output you ll get the three important information The API endpoint which is the same as the UI URL If you ran the dev server without any arguments this is probably The unseal token This is used to unseal and Vault from its sealed state Whenever Vault is rebooted and or initialized it starts in a sealed state so you ll need to unseal it first We don t have to worry about this because when using dev server Vault is already initilized and unsealed The root token The token we ll use to authenticate our requests to the API This is only a good idea when running a dev server and trying out some stuff but in the real world the root token is only there for emergencies and for initial setup of users policies etc Now that we have a Vault server running leave that Terminal open and open a new one or a new Tmux pane or whatever Let s configure our access 
to Vault COnfigure our accessexport VAULT ADDR export VAULT TOKEN THE ROOT TOKEN YOU GOT FROM RUNNING SERVER verify the connection vault statusYou should see that it says Initialized true amp Sealed false PostgreSQL Initial SetupLet s do some initial setup on our PostgreSQL database I m using a VM created using Vagrant of Ubuntu and I installed PostgreSQL inside of it Checkout out this article on DigitalOcean on how to install it Once it s installed let s do some setup Inside the VMsudo i u postgres Open PostgreSQL clipsql and create a new vault user CREATE ROLE vault WITH SUPERUSER LOGIN ENCRYPTED PASSWORD vault password After that let s make sure PostgreSQL accepts remote connections from outside the VM Open etc postgresql main postgresql conf file and update listen addresses to Open etc postgresql main pg hba conf and add this line host all all md That basically tells the PostgreSQL server to listen to remote connections and not just locally and the HBA config allows all users to connect from anywhere using their passwords Again this is not a good idea for a production system as this exposes your PostgreSQL instance too much We re only playing around here so it s okay Configuring Vault to use our PostgreSQL databaseNow that we have both Vault amp Postgres initialized let s configure Vault to connect and manage Postgres credentials Connect Vault to PostgresVault can manage secrets using its Secrets Engines which range from AWS GCP Key Value LDAP SSH databases and so on See the complete list on their docs Secrets Engines are Vault components that store generate amp encrypt secrets The one that we are interested in is the database engine The database engine supports a wide varity of database flavors including but not limited to PostgreSQL MySQL Redshift and Elasticsearch Let s enable the engine and configure it to use our Postgrs database Enable the database secrets enginevault secrets enable database Configure the engine to connect to our Postgres database using 
the user we created earlier vault write database config application db plugin name postgresql database plugin allowed roles dbuser connection url postgresql username password postgres username vault password vault password Let s explain what we did here We enabled the secrets engine in Vault under the path database We are writing new config data to our database engine we called this config application db but you can call it whatever you want The plugin name to use We re using PostgreSQL here The allowed roles that are to be associated with this config Role here refers to Vault role not Postgres role We ll create the Vault role after this Setup the connection URL to Postgres is my VM s IP address so change that to yours or if you re running it locally We use the default postgres database to connect since our user vault does not have a databse nor that it needs one Supply the username amp password for the vault user we created earlier Now let s create a Vault role that will manage the credential creation in both Vault amp Postgres When creating a role we supply Creation statements Vault will use this to know how to create the user in Postgres whenever we ask for new credentials Revocation statements Vault will execute these commands against Postgres whenever the credentials have expired TTL reached TTL Time To Live of the credentials Once the credentials expire Vault will execute the Revokation statements and will remove the credentials from its storage Here s how to do that with Postgres vault write database roles dbuser db name app max ttl m creation statements CREATE USER name WITH SUPERUSER ENCRYPTED PASSWORD password VALID UNTIL expiration GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO name revocation statements REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM name DROP OWNED BY name DROP ROLE name For clarity here s what the creation amp revocation statements look like CreationCREATE USER name WITH SUPERUSER ENCRYPTED PASSWORD password VALID 
UNTIL expiration GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO name RevokationREVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM name DROP OWNED BY name DROP ROLE name Basically we created a Vault role that Expires in minutes post creation Creates a Postgres user with superuser privileges that has access to all tables in the public schema Properly drops the Postgres user upon expiration Of course SUPERUSER privileges are not needed and even dangerous to give to a user that only needs SELECT UPDATE INSERT amp DELETE privileges In production you ll need to tune the creation statements to a more secure one Remove SUPERUSER amp only give the least needed permissions to only neccessary tables I added the SUPERUSER privilege and set a short TTL just for the sake of example Now that we have a Vault role setup let s actually try creating some credentials by simply reading the from database creds dbuser like so vault read database creds dbuserThat will outputThe Lease ID which you can use to re new the lease on the credentials and not have them expire The Lease duration in our case it s minutes The generated username amp password Let s test it out using psqlpsql h u v root truly JixxaASFjSmjjYFVin d postgres pSupply the generated password and you should be in Example applicationsNow the strategy we re using here is our example applications need to connect to Vault and read generate new credentials and use them before the current ones expire i e before every minutes Let s do two example application to showcase how that s done One using Go and one using PHP w Symfony framework But first let s create a table and populate it with some dummy data With psql CREATE DATABASE app c appCREATE TABLE users id serial name VARCHAR INSERT INTO users name VALUES Jack Reacher Go example The Go application will expose an HTTP endpoint that will just simply get all users from our Postgres database using Vault generated credentials Create a new directory and execute the 
following go mod init go vault examplego get u github com mittwald vaultgo go get u github com gorilla mux go get u github com lib pq That will install our app dependencies which areMux for our HTTP endpointpq to enable Postgres support while using database sql package to query our Postgres database Vault Go which is a library we ll use to read credentials from our Vault server Here s our complete Go app package mainimport database sql net http strings fmt vault github com mittwald vaultgo github com gorilla mux github com lib pq type VaultCreds struct Data struct User string json username Password string json password json data type DbConnection struct Dbname string Host string Port int User string Password string Read generate credentials from our Vault server Don t forget to update your Vault address and token func getDBConnectionConfig DbConnection c err vault NewClient VAULT SERVER ADDRESS vault WithCaPath vault WithAuthToken VAULT AUTH TOKEN if err nil panic err key string v database creds dbuser options amp vault RequestOptions response amp VaultCreds err c Read key response options if err nil panic err return DbConnection Dbname app Host Port User response Data User Password response Data Password This function opens up a new Postgres connection to our server and returns it func openConnection sql DB config getDBConnectionConfig connStr fmt Sprintf host s port d user s password s dbname s sslmode disable config Host config Port config User config Password config Dbname db err sql Open postgres connStr if err nil panic err err db Ping if err nil panic err fmt Printf Connected to PostgreSQL db using user lt s gt and password lt s gt n config User config Password return db Factory to create the function that handles the index request It queries the database and return a join of all names in the users table Pretty simple func newIndexHandler db sql DB func http ResponseWriter http Request return func w http ResponseWriter r http Request rows err db Query SELECT 
name FROM users if err nil panic err defer rows Close names string for rows Next var name string err rows Scan amp name if err nil panic err names append names name w WriteHeader http StatusOK fmt Fprint w strings Join names func main Setup DB connection db openConnection defer db Close Setup router r mux NewRouter r HandleFunc newIndexHandler db http Handle r Start listening fmt Println Listening on http ListenAndServe r That s a pretty basic Go program that fetches data from our users table in Postgres The only interesting part is it read the credentials from our Vault server and uses them to connect Our app is completely oblivious to how those credentials are generated and when It just reads them and uses them go build go vault example Output is something like Connected to PostgreSQL db using user lt v root truly OQZIsxFoytoXbaIKo gt and password lt u ApocYWqzUaSqWL gt │ Listening on Visit in your browser and you ll see some data output Now the only time the credentials are read and thus generated is when we start our program If we wanted to re generate a new pair of credentials we ll need to stop it and run it again which isn t really a good idea So let s use system signals for that by adding this snippet right before starting the HTTP server Setup reload signal using SIGHUP Sending SIGHUB signal to our process will make it close the current DB connection and open a new one with newly generated credentials signals make chan os Signal signal Notify signals syscall SIGHUP go func lt signals fmt Println Reloading Terminating current connection and creating a new one db Close db openConnection Start Listening etc Don t forget to add os syscall amp os signals imports That snippet runs a goroutine that waits for SIGHUB signal Upon receiving it it closes the current database connection and creates a new one effectively re generating new credentials Build and run the app again and let s try it out PID pgrep go vault example Get the PID of our processkill HUP PID Send a 
SIGHUP signalOur program will print something like Reloading Terminating current connection and creating a new one Connected to PostgreSQL db using user lt v root truly msxAJoWUbQJhxfL gt and password lt oaY ablIShVzcKEoNp gt Since we have our credentials expire after minutes we just need to send a SIGHUP signal to our program before that happens We can set up a cron job to do so that runs every minutes or something like that To conclude We start our program and it generates a new pair of credentials We reload our program every minutes and by that we generate new credentials The old credentials will always expire and be removed from our database that leaves minutes of the old user not being used by anyone That s it that s a basic example of how you can use Vault dynamic credentials in your Go app PHP Example w Symfony Framework Let s create a new Symfony minimal application with Doctrine ORM Vault PHP Client amp a couple of its dependencies composer create project symfony skeleton php vault examplecd php vault examplecomposer require ormcomposer require csharpru vault phpcomposer require alextartan guzzle psr adaptercomposer require laminas laminas diactorosSymfony by default uses YAML files for configuration but that doesn t really fit us for this use case We need to use PHP config files because that gives us the ability to run some custom code to get the database credentials from Vault First let s remove the connection config from config packages doctrine ymldoctrine Remove the dbal line and its children dbal Then create a new file config packages db connection php like so lt phpuse App Init VaultConfig use Symfony Config DoctrineConfig config new VaultConfig credentials config gt getDbConfig return static function DoctrineConfig doctrine use credentials dbal doctrine gt dbal gt connection default gt driver pdo pgsql gt dbname app gt serverVersion gt user credentials username gt password credentials password gt host gt port We still don t have the VaultConfig 
class yet so let s create that in src Init VaultConfig php lt phpnamespace App Init use GuzzleHttp Psr Uri use Laminas Diactoros RequestFactory use Laminas Diactoros StreamFactory use Vault Client use Vault AuthenticationStrategies TokenAuthenticationStrategy class VaultConfig public const VAULT ADDR public const VAULT TOKEN hvs mjlWfaLWGHQdbxActaEz public const CREDENTIALS PATH database creds dbuser private Client client public function construct client new Client new Uri self VAULT ADDR new AlexTartan GuzzlePsrAdapter Client new RequestFactory new StreamFactory try authenticated client gt setAuthenticationStrategy new TokenAuthenticationStrategy self VAULT TOKEN gt authenticate catch Exception e die e gt getMessage if authenticated die Could not authenticate to Vault server at self VAULT ADDR this gt client client public function getDbConfig array try response this gt client gt read self CREDENTIALS PATH catch Exception e die e gt getMessage return response gt getData Make sure to update the VAULT ADDR amp VAULT TOKEN to your values Now let s create a simple controller that will read data from our users table Create a new file src Controller IndexController php lt phpnamespace App Controller use Doctrine DBAL Connection use Symfony Bundle FrameworkBundle Controller AbstractController use Symfony Component HttpFoundation JsonResponse use Symfony Component Routing Annotation Route class IndexController extends AbstractController Route name app index public function index Connection connection JsonResponse users connection gt executeQuery SELECT FROM users gt fetchAllAssociative return this gt json data gt users connection gt user gt connection gt getParams user password gt connection gt getParams password Let s start a local PHP server and see our responsephp S localhost t publicVisit http localhost you ll see a JSON response containing our users and also the currently used PostgreSQL username password Now Symfony actually caches the config data after executing it 
the first time so our credentials are only generated once and then cached which is good thing because we definetly don t want our database credentials be generated on every request So if we wanted to generate a new pair all we need to do is clear the symfony cache bin console cache clearIf you visit your web page again you ll see a new pair of credentials being used Same as we did for our Go app we just need to clear the cache before our credentials expire and we ll be good To conclude We start our PHP application and it reads the config for the first time and generate new credentials We clear Symfony cache every minutes or so so that the config is re read and new credentials get generated amp used The old credentials will always expire and be removed from our database that leaves minutes of the old user not being used by anyone Final notes amp recapI haven t tested this approach in a production environment and I ll sure that will bring up some nice challenges such as what happens when your application is getting a lot of concurrent requests and you rotate your keys You could get some downtime everytime you rotate keys so that s something to keep an eye for The TTLs we used are obviously not realistic and are only meant for testing In real life you d want a longer TTL depending on your use cases As I said in the beginning of the article I m by no means a Vault or Go expert I mainly work with PHP I only wanted to write this article to share examples of using Vault inside an application If you notice anything wrong or something could be done better I d love your feedback Let s recap what we didLet s do a recap of what we did today We set up a local dev Vault server to test things out with We set up Vault to be able to talk to PostgreSQL and dynamically generate credentials using the database secrets engine We tested out the integration by generating new credentials and seeing them also created in PostgreSQL Whenever the credentials expired we did notice that the user 
disappeared from our Postgres database We created a basic Go application that reads the dynamic credentials from Vault and uses them to query the database We then added a mechanism to our Go app to be able to rotate keys by using system signals SIGHUP We then created a simple PHP application using Symfony framework and we did same thing as in Go Thanks for reading |
2022-08-14 13:18:06 |
Apple |
AppleInsider - Frontpage News |
Crime blotter: Shots fired near Fifth Avenue 'Cube' |
https://appleinsider.com/articles/22/08/14/crime-blotter-shots-fired-near-fifth-avenue-cube?utm_medium=rss
|
Crime blotter: Shots fired near Fifth Avenue 'Cube'. In the latest Apple Crime Blotter, Fetty Wap jailed for FaceTime call, cops seek a serial iPhone thief, and accused Apple Store thieves are arrested. The Fifth Avenue Apple Store in New York. The latest in an occasional AppleInsider series, looking at the world of Apple-related crime. Read more |
2022-08-14 13:53:35 |
Apple |
AppleInsider - Frontpage News |
Daily deals August 14: $60 off Apple TV 4K, $15 off Magic Trackpad, $200 off Mac Studio, more |
https://appleinsider.com/articles/22/08/14/daily-deals-august-14-60-off-apple-tv-4k-15-off-magic-trackpad-200-off-mac-studio-more?utm_medium=rss
|
Daily deals August off Apple TV K off Magic Trackpad off Mac Studio moreSunday s best deals include a inch M Pro MacBook Pro for an LG inch OLED K Smart TV for off and much more Best deals for August Every day AppleInsider scours online retailers to find offers and discounts on Apple devices hardware accessories smart TVs and other products The best discoveries are put into our daily deals post for you to enjoy Read more |
2022-08-14 13:08:48 |
Apple |
AppleInsider - Frontpage News |
AirTag catches airport baggage handler stealing luggage |
https://appleinsider.com/articles/22/08/14/airtag-catches-airport-baggage-handler-stealing-luggage?utm_medium=rss
|
AirTag catches airport baggage handler stealing luggageApple s AirTag has helped police arrest a baggage handler who stole luggage from passengers at an airport as well as the recovery of more than in jewelry and other items via Okaloosa County Sheriff s OfficeOn August the Okaloosa County Sheriff s Office revealed it had conducted an investigation into suspicious activity at the Destin Fort Walton Beach Airport The sheriff s Airport Security Unit were alerted to thefts relating to stolen luggage handled by an employee Read more |
2022-08-14 13:09:43 |
News |
BBC News - Home |
UK heatwave: Final day of 'extreme' heat with thunder on way |
https://www.bbc.co.uk/news/uk-62539909?at_medium=RSS&at_campaign=KARANGA
|
wales |
2022-08-14 13:49:22 |
News |
BBC News - Home |
Salman Rushdie on 'long road to recovery', agent says |
https://www.bbc.co.uk/news/world-us-canada-62542161?at_medium=RSS&at_campaign=KARANGA
|
agent |
2022-08-14 13:51:57 |
News |
BBC News - Home |
Channel migrants: More than 20,000 people arrive in UK in 2022 |
https://www.bbc.co.uk/news/uk-england-kent-62539789?at_medium=RSS&at_campaign=KARANGA
|
channel |
2022-08-14 13:13:32 |
News |
BBC News - Home |
Moment explosion rocks shopping centre in Armenia |
https://www.bbc.co.uk/news/world-62540398?at_medium=RSS&at_campaign=KARANGA
|
massive |
2022-08-14 13:31:14 |
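Hokkaido |
Hokkaido Shimbun |
Recovery of remains in Russia suspended; Siberian internment survivor Mr. Yoshida to erect stone monument to fallen comrades on Rishiri |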
https://www.hokkaido-np.co.jp/article/717712/
|
recovery of remains |
2022-08-14 22:29:25 |
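Hokkaido |
Hokkaido Shimbun |
US congressional delegation visits Taiwan through the 15th; meeting with President Tsai, possible backlash from China |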
https://www.hokkaido-np.co.jp/article/717714/
|
congressional delegation |
2022-08-14 22:21:00 |
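Hokkaido |
Hokkaido Shimbun |
Boy killed in accident investigated for link to stabbing of mother and daughter; Fukuoka police say he may have lived in Tokyo |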
https://www.hokkaido-np.co.jp/article/717713/
|
Kokurakita Ward, Kitakyushu |
2022-08-14 22:17:00 |
Hokkaido |
Hokkaido Shimbun |
Nippon-Ham 8-3 Lotte (14th): Nippon-Ham wins comfortably with 12 hits and 8 runs; Kato earns 5th win |
https://www.hokkaido-np.co.jp/article/717689/
|
Nippon-Ham |
2022-08-14 22:13:47 |
Hokkaido |
Hokkaido Shimbun |
"Yakumo-yama" put on display, bringing a festival mood; procession cancelled |
https://www.hokkaido-np.co.jp/article/717654/
|
festival |
2022-08-14 22:12:05 |
Hokkaido |
Hokkaido Shimbun |
Startup fundraising doubles to 6.9 billion yen in fiscal 2021: Sapporo-Hokkaido Ecosystem Promotion Council |
https://www.hokkaido-np.co.jp/article/717677/
|
fundraising |
2022-08-14 22:08:29 |
Hokkaido |
Hokkaido Shimbun |
"Rice paddy art" at its best for viewing, depicting "Asappy" and others; Higashi-Takasu, Asahikawa |
https://www.hokkaido-np.co.jp/article/717679/
|
rice paddy art |
2022-08-14 22:07:11 |