In this article, I will detail how to use Vault JWT auth mode to isolate the secrets of two different deployments in the same Kubernetes cluster. This will be done by using two different Kubernetes Service Accounts, each of which generates unique JWT that are tied to a different Vault role. JWT auth mode is … Vault: JWT authentication mode with multiple roles to isolate secrets
When a GitLab CI/CD pipeline needs to persist job output or a rendered report, it will typically save it as an artifact on the job, or perhaps write it to an external storage service or as a GitLab Release archive. But it is also capable of pushing this file to its own git repository, stored … GitLab: add files to source repository as part of GitLab pipeline
Before Kubernetes 1.24, the creation of a KSA (Kubernetes Service Account) would also create a non-expiring secret, where the token controller would generate a token that could be used to authenticate into the API server. As a quick example of the legacy behavior on Kubernetes < 1.24, notice how the creation of a service account … Kubernetes: KSA must now create secret/token manually as of Kubernetes 1.24
Google’s API supports OAuth2 and OIDC, and can be used to both authenticate and authorize users. In this article, I will show how to use the Google web console to configure an Application that can support OAuth2/OIDC. We will then use a small, local Docker image to implement the Client Application side and smoke test … OAuth2: Configuring Google for OAuth2/OIDC
Github allows users or systems to access their API via OAuth2. Although this mechanism is often used on the public internet for authentication of users into a 3rd party site, note that OIDC is not implemented. In this article, I will show how to use the Spotify Dashboard to configure an Application that can support … OAuth2: Configuring Github for OAuth2
The Cloud Foundry CLI makes it easy to authenticate into a target API endpoint to consume the Cloud Controller API (CAPI). The “cf login” command allows you to pass or interactively provide the user, password, org, and space. Once logged in, if you want to run raw commands, the “cf curl” can execute a request … CloudFoundry: Authenticating and running CF API commands using curl