AWS SECRET MANAGER


Introduction

Most IT companies are either running on the cloud or migrating their infrastructure to it for cost reduction, high availability, data security, and hassle-free setup. Companies create or use applications and databases in the cloud, where they need to authenticate with secrets (credentials). Protecting passwords is one of today's challenges, and hard-coding secrets into a system is a major security issue. Hence, we can use the AWS service named Secrets Manager, which is responsible for managing secrets.

What is a Secret?

A secret is not just a username and password pair. It might contain a set of credentials holding key-value pairs or connection details to access the related services. In AWS Secrets Manager, a secret has metadata:

An Amazon Resource Name (ARN), the name of the secret, a description, a resource policy, tags, the ARN of an encryption key (an AWS KMS key that Secrets Manager uses to encrypt and decrypt the secret value), and information about the rotation of the secret.


Your Guide for Patching Elastic Search!

What is Patching?

A patch is a set of updates to a server or its supporting data, designed to update, fix, or improve it, including fixing security vulnerabilities and other bugs. Patches may be applied to program files on a storage device or in computer memory, and they may be permanent or temporary.
In brief, patch management involves the following tasks:
 1. Create a patch catalog.
 2. Analyze the target to determine the patches that need to be deployed.
 3. Deploy the required patches to targets requiring remediation.
 4. Analyze the targets again to ensure each server has the correct patch.


How to fix error “[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed” (_ssl.c:727)

While working with one of our banking sector clients (hybrid cloud), we encountered the error:

fatal error: SSL validation failed for https://bucket_name.s3.ap-south-1.amazonaws.com/file_name “[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed” (_ssl.c:727)

Scenario:

I was copying a file from an S3 bucket to one of the newly launched servers, x.x.x.x, via the AWS CLI with the command mentioned below.

Learn How to Control Consul Resources Using ACL

When we talk about service mesh, Consul is one of the open-source tools widely used for service discovery across multiple ephemeral or non-ephemeral resources. There are multiple Consul [service mesh] alternatives that are used for service discovery, but we won’t be discussing service discovery or comparing alternatives here.

Consul is not only used as a service mesh; it also provides multiple options and features beyond a service mesh. Yes, you heard it right, this lad can do lots of things that we didn’t know about or haven’t explored yet.

Let’s talk about some of the options and features Consul provides, and then we will discuss some of their aspects and impact.


Introducing Kubernetes Vault Web-hook

Initially, we had the DevOps framework, in which the Development and Operations teams collaborated to create an “Agile” ecosystem. But nowadays a lot of people are talking about the “DevSecOps” realm, in which people do not treat security as an afterthought; instead, they are inculcating security in their development and operations practices.
