A script in golang which demonstrates how to allow a user temporary, time-limited membership to a Google Group. (firecall access, just in time access)
You can use this to set on-demand firecall access based on Google Groups.
For example, if you need to let a specific user access to a…
Works fine but all samples included there describe how to generate an encoded key using a BQ function itself: KEYS.NEW_KEYSET('AEAD_AES_GCM_256')
However, what if you
a) already have a raw AEAD_AES_GCM_256 that you want to use with BQ or
b) you've already generated a…
Ever needed to know how Google Cloud IAM roles and permissions change over time? Ever wanted to map roles<->permissions in a way that's easily queryable in a BQ dataset?
Why, you ask?
The easiest use case is to have a way to reverse map “which permissions are in this role? or Which roles include…
Kubernetes service for gRPC xDS load balancing that allows even distribution of k8s gRPC service->service API calls.
Note, normally Kubernetes services are exposed…
For some reason, on a day I took off from work, I needed to use openssl to run a plain key derivation function before I had to mow the lawn.
At first I found the man page here about that, but it turns out it's only available in openssl3+.
So, here's a Dockerfile with openssl3.0... you can access it here:
While you're here, also see OpenSSL docker with TLS trace enabled, which also compiles in FIPS with openssl3.
Now to go take care of the weeds…
TPM remote attestation allows a remote server to “trust” that a specific TPM has signed some data or to assert system state. It's a cryptographically secure way to transfer secrets and do many more things.
The first step to establish trust is to set up a way a remote system can “prove” that…
A simple Terraform provider that does HTTP POST and mTLS.
HashiCorp published a convenient HTTP datasource which I use from time to time, but I realized it's just for GET requests.
Yesterday was a bit slow so I decided to modify the HTTP provider and add on a couple of extra features…
Samples in golang that enable the following, where the private key or HMAC secret is embedded in a TPM (Trusted Platform Module)
AWS secret key and ID can be thought of as a username/password and should be carefully managed, rotated and secured as described in Best…