https://www.hascode.com/tags/encryption/ Recent content in Encryption on Micha Kops' Tech Notes Hugo -- 0.147.8 en Copyright © 2010 - 2025 Micha Kops. #213243b1d6e8932079e09227d3f3ed0c806cd0c9 Fri, 19 Apr 2024 00:00:00 +0200 https://www.hascode.com/handling-secrets-with-sops/ Fri, 19 Apr 2024 00:00:00 +0200 https://www.hascode.com/handling-secrets-with-sops/ <div id="preamble"> <div class="sectionbody"> <div class="imageblock"> <div class="content"> <img src="sops-cover-image.webp" alt="sops cover image"/> </div> <div class="title">Figure 1. Handling Secret with SOPS</div> </div> </div> </div> <div class="sect1"> <h2 id="_installation">Installation</h2> <div class="sectionbody"> <div class="listingblock"> <div class="title">using homebrew</div> <div class="content"> <pre class="highlight"><code class="language-bash" data-lang="bash">brew install sops</code></pre> </div> </div> <div class="paragraph"> <div class="title">manual download</div> <p>download from GitHub <a href="https://github.com/getsops/sops/releases" class="bare">https://github.com/getsops/sops/releases</a></p> </div> </div> </div> <div class="sect1"> <h2 id="_using_sops">Using SOPS</h2> <div class="sectionbody"> <div class="olist arabic"> <ol class="arabic"> <li> <p>Create a <code>sops.yaml</code></p> <div class="listingblock"> <div class="title">sops.yaml</div> <div class="content"> <pre class="highlight"><code class="language-yaml" data-lang="yaml">creation_rules: # encrypt stuff in .secrets - aws_profile: default kms: arn:aws:kms:eu-central-1:1234567890:key/abcdefg-0123456-abcdefg <i class="conum" data-value="1"></i><b>(1)</b> path_regex: ^./secrets/.*$ <i class="conum" data-value="2"></i><b>(2)</b></code></pre> </div> </div> <div class="colist arabic"> <table> <tbody><tr> <td><i class="conum" data-value="1"></i><b>1</b></td> <td>We are using AWS KMS for encryption/decryption</td> </tr> <tr> <td><i class="conum" data-value="2"></i><b>2</b></td> <td>All files in the directory <code>.secrets</code> will be encrypted</td> </tr> </tbody></table> </div> </li> <li> <p>Inplace Encrypt</p> <div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-bash" data-lang="bash">sops -e -i .secrets/mysecret.yaml</code></pre> </div> </div> </li> <li> <p>Inplace Decrypt</p> <div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-bash" data-lang="bash">sops -d -i .secrets/mysecret.yaml</code></pre> </div> https://www.hascode.com/snippet-creating-secure-password-hashes-in-java-with-heimdall/ Sun, 12 Jul 2015 00:00:00 +0200 https://www.hascode.com/snippet-creating-secure-password-hashes-in-java-with-heimdall/ <div id="preamble"> <div class="sectionbody"> <div class="paragraph"> <p>These days where a cheap GPU for about 100 € is capable to create 3 billion of MD5 Hashes per second, we need not only need to use salts the right way but we also need to choose a strong, non-reversible and slow hashing schemes when storing passwords in our application.</p> </div> <div class="paragraph"> <p>Heimdall is a library that implements a secure and upgradable password hashing mechanism and uses at the time of writing this article PBKDF2 SHA-1 HMAC with 20000 iterations and a 192 bit (24 byte) salt per default.</p> </div> https://www.hascode.com/linux-snippets/ Mon, 01 Mar 2010 00:00:00 +0100 https://www.hascode.com/linux-snippets/ <div id="preamble"> <div class="sectionbody"> <div class="admonitionblock tip"> <table> <tbody><tr> <td class="icon"> <i class="fa icon-tip" title="Tip"></i> </td> <td class="content"> <div class="paragraph"> <p>These are not only linux snippets but also bash snippets and snippets using tools that run under Linux, *nix or sometimes even MacOSX, I should reorder this article someday ;)</p> </div> </td> </tr> </tbody></table> </div> </div> </div> <div class="sect1"> <h2 id="_settings_for_more_reliable_bash_scripts">Settings for more reliable bash scripts</h2> <div class="sectionbody"> <div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-bash" data-lang="bash">set -euo pipefail</code></pre> </div> </div> <div class="paragraph"> <p>this gives us …​</p> </div> <div class="ulist"> <ul> <li> <p>-e: exit script if a single command fails</p> </li> <li> <p>-u: exit script if an unset variable is used</p> </li> <li> <p>-o pipefail: return value of a pipeline is the status of the last command to exit with a non-zero status, or zero if no command exited with a non-zero status</p> </li> </ul> </div>