Secrets in AWS

Managing secrets in the cloud

Moving hosted services to cloud-based architectures has introduced a lot of different pain points, some new, some pre-existing that become more of an issue. One such issue is secrets. There have been a number of different discussions and solutions for this problem, including:

Hacker News: Ask HN: In a microservice architecture, how do you handle managing secrets?
Docker GitHub: Secrets: write-up best practices, do’s and don’ts, roadmap

The main question here is: “How do you expose secrets to only those services that require them, without exposing them to those that don’t, and at the same time make their lifecycle (rotating/replacing/expiring) easy to maintain?…

Serverless Blog

Hello from CloudFront

As of today, this blog is now being served by Amazon S3, and cached globally by CloudFront. You can say it’s “serverless”, even if the term isn’t quite true (after all, it’s always running on someone’s server). The transition wasn’t too easy, but it was my first crack at hosting a site purely in S3, and it was a chance to learn to use CloudFront and Travis CI.…

