Use OIDC to allow Github Actions to access Vault secrets

End of last year, Github made OIDC generally available for Github Actions. This means that you can configure your workflows to have access to auto-generated token and use it to request short-lived tokens from different providers that supports OIDC. This means more secure workflows as you no longer have to store the credentials as Github Secrets anymore. Before this change, the main authentication methods for Vault in Github have been the integrated Github authentication, Token, and AppRole. With these approaches excluding the Github authentication, you would still have to store credentials to Github Secrets to use them in workflows. Read more…

Written 4.4.2022 by Joonas Venäläinen

********************

Software architecture — MVC

Programming languages e.g. Python, Go, Javascript, etc can be used to write scripts to hack together something quickly, and of course, they are great for that purpose. And it is perfectly fine to write scripts that are used only once, for example, to quickly clean up some junk files or folders. However, as soon as the code is not used only once, or it will be used by others, for example, writing library code to solve a particular problem. We have to think about the Software architecture of the code. Read more…

Written 29.9. by Don Dang

********************

Creating a PyPi pull-through cache that is ready for Kubernetes

After the recent Fastly downtime, we were once again made aware that the internet is not always as stable as we would think. While Fastly took down many major sites on the internet, it also affected things like package managers. Services such as the central Helm registry were also inaccessible during the downtime. Using a single source for services such as Helm, PyPi and NPM is very convenient, but it sucks when things go down, and it might even block you from delivering software. In this post, we will explore one way of making your setup a bit more robust by adding caching between you and the main service that is usually used. Read more…

Written 9.7.2021 by Frank Wickström

********************

Beware! A new Python is approaching!

The next big Python release, Python 3.10, should happen in October. Even though that is still a few months away, we already know what to expect. The 3.10 branch went to feature freeze when the first beta version (Python 3.10.0b1) was released on May 3rd, 2021. Let’s have a peek at the new features and other changes. Read more… 

Written 11.6.2021 by Tuomas Suutari

********************

Building web map applications with OpenLayers

When it comes to maps on the web, OpenLayers stands out with its feature-packed capabilities and wide-range support of different data sources, be it geo-referenced images, vector tiles, or open and proprietary vector data formats. With its powerful API, OpenLayers makes it easy to put up a simple web map application with little effort. The following steps will show you how to create a simple web map with OpenLayers. Read more…

Written 25.5.2021 by Mingfeng Yu

********************

Building Pluggable Python Applications

Creating an application that can be extendable but have low coupling throughout is something that has always interested me. What if I could remove and add new parts to my application without thinking about the rest of the application breaking. Of course, this is often through as a programming 101 type of thing, “low coupling, high cohesion”. But saying the words versus actually being pragmatic is often challenging. This post will show one way you can keep your core application reasonably small and add new functionality using plugins. Read more…

Written 30.4.2021 by Frank Wickström

********************

Deliberately creating chaos

Over the past few years, Anders has focused heavily on DevOps; we have done so because we have seen it as one of the most critical shifts in both technology and company culture that has happened over the last few years. We, or most companies out there, have not always been the most comfortable with things breaking and failing. We want to change that. Read more…

Written 23.4.2021 by Frank Wickström

********************

Dynamic DB credentials with Hashicorp Vault

Vault is a great tool for managing and protecting sensitive data. One of its many features is the ability to create database credentials dynamically. This gives you extra layer of security as you can define short TTL for the credentials and rotate them frequently. For this short demonstration, I will use a simple docker-compose file that setups Vault and PostgreSQL. Read more…

Written 12.4.2021 by Joonas Venäläinen

********************

Speeding up software delivery using Kólga

We build a microservice architectured application with three services. All of these communicate with one of the following AMQP, REST APIs, and Websockets. The application is deployed using our Open-Source (MIT Licensed) DevOps tool Kólga. Read more…

Blog written 4.3.2021 by Frank Wickström