Guest Post: Moving Secrets Where They Belong

by Simen A.W. Olsen

Pulumi recently shipped Pulumi ESC, which adds the “Environment” tab to Pulumi Cloud. For us at Bjerk, this means we can move secrets into a secrets manager like Google Secrets Manager. Let me show you how we did it!

We are already rotating secrets with our own CLI tool, which works fine, meaning we are getting notifications in our Slack channel—which everyone tends to ignore until something real breaks. If you are curious how we are handling it today, we are using our own NPM package that throws an exception if a secret has expired. To ensure everything works smoothly, we utilize a GitHub Actions workflow that is scheduled to run daily for drift checking.

The secrets are shared between stacks using StackReferences, which has served us well.

Improving security

One issue with our current setup is that we publicly store encrypted secrets in our repository. Previously, we’ve thought of using Google Secrets Manager with the GetSecret function. That comes with its own territory, such as permissions to the secret and managing those permissions—not to mention that we already use multiple secret managers/vaults.

Now, with Pulumi ESC, it’s time to pick this Continue reading

BrandPost: Five reasons to adopt a single-vendor SASE approach

By: Gabriel Gomane, Senior Product Marketing Manager at HPE Aruba NetworkingAs organizations are moving to a cloud-centric architecture, where most applications reside in the cloud and the demand for hybrid work environment increases, security must evolve in parallel: Legacy VPNs have often provided poor user experience. Additionally, usage of VPNs without granular controls could over-extend network privilege, granting users more access to resources than necessary, increasing security risks. Traditional network architectures routed application traffic to the data center for security inspection, which is no longer practical, and impacted application performance since most applications now reside in the cloud. With data increasingly hosted in SaaS applications, organizations need to take extra steps to protect their data. Sensitive data can indeed be stored in both sanctioned and unsanctioned cloud applications (or shadow IT), and may travel over unsecured links, leading to potential risk of data loss. Employees are vulnerable to web-based threats such as phishing attacks and ransomware when browsing the internet or simply accessing emails. The explosion of IoT devices in the recent years have significantly increased the attack surface. However, IoT devices are often built on a simple design and lack sophisticated security mechanisms. Finally, organizations must comply with Continue reading

Kubernetes Unpacked 037: Improving The Developer Experience With Continuous Deployment (Sponsored)

In this sponsored episode of the Kubernetes Unpacked podcast, Kristina and Michael are joined by Adam Frank, SVP of Product and Marketing at Armory, to discuss the role of continuous deployment in the software development lifecycle. They highlight the challenges organizations face in implementing effective continuous integration and continuous deployment (CI/CD) processes and the importance of prioritizing the developer experience.

Kubernetes Unpacked 037: Improving The Developer Experience With Continuous Deployment (Sponsored)

In this sponsored episode of the Kubernetes Unpacked podcast, Kristina and Michael are joined by Adam Frank, SVP of Product and Marketing at Armory, to discuss the role of continuous deployment in the software development lifecycle. They highlight the challenges organizations face in implementing effective continuous integration and continuous deployment (CI/CD) processes and the importance of prioritizing the developer experience.

The post Kubernetes Unpacked 037: Improving The Developer Experience With Continuous Deployment (Sponsored) appeared first on Packet Pushers.

How Prisma saved 98% on distribution costs with Cloudflare R2

How Prisma saved 98% on distribution costs with Cloudflare R2
How Prisma saved 98% on distribution costs with Cloudflare R2

The following is a guest post written by Pierre-Antoine Mills, Miguel Fernández, and Petra Donka of Prisma. Prisma provides a server-side library that helps developers read and write data to the database in an intuitive, efficient and safe way.

Prisma’s mission is to redefine how developers build data-driven applications. At its core, Prisma provides an open-source, next-generation TypeScript Object-Relational Mapping (ORM) library that unlocks a new level of developer experience thanks to its intuitive data model, migrations, type-safety, and auto-completion.

Prisma ORM has experienced remarkable growth, engaging a vibrant community of developers. And while it was a great problem to have, this growth was causing an explosion in our AWS infrastructure costs. After investigating a wide range of alternatives, we went with Cloudflare’s R2 storage — and as a result are thrilled that our engine distribution costs have decreased by 98%, while delivering top-notch performance.

It was a natural fit: Prisma is already a proud technology partner of Cloudflare’s, offering deep database integration with Cloudflare Workers. And Cloudflare products provide much of the underlying infrastructure for Prisma Accelerate and Prisma Pulse, empowering user-focused product development. In this post, we’ll dig into how we decided to extend our ongoing Continue reading

Day Two Cloud 215: Highlights From The Edge

Today's Day Two Cloud covers highlights from a recent Edge Field Day event. Ned Bellavance was a delegate at the event and will share perceptions and insights based on presentations from the event. Topics include a working definition of edge, the constraints of hosting infrastructure in edge locations (power, space, network connectivity and others), and operational models for running software and services in these environments.

Day Two Cloud 215: Highlights From The Edge

Today's Day Two Cloud covers highlights from a recent Edge Field Day event. Ned Bellavance was a delegate at the event and will share perceptions and insights based on presentations from the event. Topics include a working definition of edge, the constraints of hosting infrastructure in edge locations (power, space, network connectivity and others), and operational models for running software and services in these environments.

The post Day Two Cloud 215: Highlights From The Edge appeared first on Packet Pushers.

The Era of Ultra-Low Latency 25G Ethernet

The Era of Ultra-Low Latency 25G Ethernet

Back in the early 2000s, store and forward networking was used by both market data providers, exchanges and customers executing electronic trading applications where the lowest latency execution can make the difference in a strategy from a profit to a loss. Moving closer to the exchange to reduce link latency, eliminating any unnecessary network hops, placing all feed handler and trading execution servers on the same switch to minimize transit time, and leveraging high-performance 10Gb NICs with embedded FPGAs all contributed to the ongoing effort to squeeze out every last microsecond to execute trades and gain a performance edge.

HS057: Technical Debt

In this podcast episode, Johna and I discuss the concept of technical debt. We provide different definitions of technical debt, with me focusing on the inability to switch solutions easily and Johna emphasizing the trade-off between immediate speed and long-term efficiency. We give examples of technical debt, such as outdated systems and insecure infrastructure, and... Read more »

HS057 Technical Debt

In this podcast episode, Johna and I discuss the concept of technical debt. We provide different definitions of technical debt, with me focusing on the inability to switch solutions easily and Johna emphasizing the trade-off between immediate speed and long-term efficiency. We give examples of technical debt, such as outdated systems and insecure infrastructure, and […]

The post HS057 Technical Debt appeared first on Packet Pushers.

AMD to acquire Nod.ai to boost open source AI software capabilities

Chipmaker AMD has announced plans to acquire open source machine learning and AI software provider Nod.ai as the chipmaker looks to expand its AI capabilities in a bid to shore up competition against AI chip market leader Nvidia.The acquisition, whose financial details have not been disclosed, is expected to bring AMD a team that can help accelerate the deployment of AI-based offerings optimized for the company’s Instinct data center accelerators, Ryzen AI processors, EPYC processors, Versal SoCs, and Radeon GPUs, AMD said in a statement.To read this article in full, please click here

Top 5 best paid survey apps

Getty Images Today's fast-paced world has seen smartphones seamlessly weave themselves into the fabric of our daily lives. The exciting part? They've also opened up new avenues for us to boost our income effortlessly. Enter the world of online moneymaking, where participating in paid surveys through mobile apps has become a game-changer. These nifty apps not only provide you with a platform to share your thoughts but also offer tangible rewards in return for your valuable time and insights.To read this article in full, please click here

IBM: Treat generative AI like a burning platform and secure it now

In the rush to deploy generative AI, many organizations are sacrificing security in favor of innovation, IBM warns.Among 200 executives surveyed by IBM, 94% said it’s important to secure generative AI applications and services before deployment. Yet only 24% of respondents’ generative AI projects will include a cybersecurity component within the next six months. In addition, 69% said innovation takes precedence over security for generative AI, according to the IBM Institute for Business Value’s report, The CEO's guide to generative AI: Cybersecurity.To read this article in full, please click here

IBM: Treat generative AI like a burning platform and secure it now

In the rush to deploy generative AI, many organizations are sacrificing security in favor of innovation, IBM warns.Among 200 executives surveyed by IBM, 94% said it’s important to secure generative AI applications and services before deployment. Yet only 24% of respondents’ generative AI projects will include a cybersecurity component within the next six months. In addition, 69% said innovation takes precedence over security for generative AI, according to the IBM Institute for Business Value’s report, The CEO's guide to generative AI: Cybersecurity.To read this article in full, please click here

1 203 204 205 206 207 3,832