2022

October 5, 2022
in Terraform, Gitlab, Terraform state
5 min read

How to decrypt Terraform states stored in GitLab backend

cover

Assuming you are using the GitLab Terraform state feature in your self managed instance and you are using the embded backup utility provided by GitLab.

The Terraform state files are encrypted before they are stored. This means that you cannot retreiv the content at rest. For this purpose, GitLab use application secrets (and derive new secrets from thoses keys when needed) to encrypt sensitive content.

You want to retreiv the content of a state file from a GitLab backup. Like explained in this issue, it's not possible to easily retreiv a decrypted content is the instance is offline.

September 11, 2022
in Git, Gitflow, Merge request, Pull request, Feature
15 min read

Properly handle Git flow

cover

Any developper use or will use Git at a point in is career. Most of the time they will have to work with other people on the same Git repository. To avoid it to be branch and commit battlefield here is a simple guide on how to contribute properly on a Git repository.

August 11, 2022
in Kubernetes, Security, Firewall, Network
30 min read

Zero trust deployment with Kubernetes

cover

Using OpenSource software written by unkown people sometimes can be a little scary. Even more when I deploy them I a production environment in my company. On my case, I have created a brand new Kubernetes cluster to host some private services on my local network and I wanted to be sure that they don't do anything malicious on my network.

April 28, 2022
in Security, 2fa, Totp
15 min read

Understanding Time-based One-time-password

cover

Now that every web service encourage you, more and more, to use MFA to secure your account, one of them is used most than others : Time-based one-time password or TOTP generate a unique code of 6 or more numbers to enter just after typing your password.

The server or web app allowing to setup TOTP give a QRCode to scan (or a Base32 string) to configure in a TOTP generator app like Microsoft Authenticator, Google Authenticator, Bitwarden or more.

We all use it, but how does it work ? Is it secure ? Is my account secure when using third-party TOTP generator ??

February 6, 2022
in Certificate, Openssl, X509
15 min read

x509 certificat managment

cover

What are x509 certificates ?

According to Wikipedia, x509 is a standard defining the format of public key certificates. They are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS (the secure protocol for browsing the web).