Handling Secrets with SOPS

Installation using homebrew brew install sops manual download download from GitHub https://github.com/getsops/sops/releases Using SOPS Create a sops.yaml sops.yaml creation_rules: # encrypt stuff in .secrets - aws_profile: default kms: arn:aws:kms:eu-central-1:1234567890:key/abcdefg-0123456-abcdefg (1) path_regex: ^./secrets/.*$ (2) 1 We are using AWS KMS for encryption/decryption 2 All files in the directory .secrets will be encrypted Inplace Encrypt sops -e -i .secrets/mysecret.yaml Inplace Decrypt sops -d -i .secrets/mysecret.yaml Complete Example using PGP Install GPG and create a new Key Install the GPG binaries .Linux / apt sudo apt install gnupg ...

April 19, 2024 · 2 min · 308 words · Micha Kops

Snippet: Creating secure Password Hashes in Java with Heimdall

These days where a cheap GPU for about 100 € is capable to create 3 billion of MD5 Hashes per second, we need not only need to use salts the right way but we also need to choose a strong, non-reversible and slow hashing schemes when storing passwords in our application. Heimdall is a library that implements a secure and upgradable password hashing mechanism and uses at the time of writing this article PBKDF2 SHA-1 HMAC with 20000 iterations and a 192 bit (24 byte) salt per default. ...

July 12, 2015 · 3 min · 588 words · Micha Kops

Linux Snippets

These are not only linux snippets but also bash snippets and snippets using tools that run under Linux, *nix or sometimes even MacOSX, I should reorder this article someday ;) Settings for more reliable bash scripts set -euo pipefail this gives us …​ -e: exit script if a single command fails -u: exit script if an unset variable is used -o pipefail: return value of a pipeline is the status of the last command to exit with a non-zero status, or zero if no command exited with a non-zero status ...

March 1, 2010 · 15 min · 3006 words · Micha Kops