https://blog.taeschnix.de/categories/development/ Recent content in Development on Täschnix Blog Hugo de-DE Sat, 11 Jan 2020 18:36:31 +0100 https://blog.taeschnix.de/posts/vaultpki/ Sat, 11 Jan 2020 18:36:31 +0100 https://blog.taeschnix.de/posts/vaultpki/ <h2 id="vault-is-much-more-then-a-simple-keyvalue-store-for-user-credentials">Vault is much more then a simple key/value store for user credentials</h2> <p>In my last post I setup up a HashiCorp Vault to store credentials like Google API-keys, username/password combinations and also my private and public key for my SSL certification authority.</p> <p>The SSL certificates are stored in vault so that they can be used within the CI/CD pipeline. They were stored as simple strings in the kv backend, which is in no way optimal.</p> https://blog.taeschnix.de/posts/ssltrouble/ Sun, 22 Dec 2019 21:24:31 +0100 https://blog.taeschnix.de/posts/ssltrouble/ <h2 id="what-changed-since-my-last-post-on-certificates">What changed since my last post on certificates</h2> <p>Since my last post almost two years ago I updated my homeserver significantly with new hardware. With this new hardware I am able to run a lot more services and thus grew the wish to access them by their own DNS name. With the wildcard certificate it was no problem to securely access them from any browser.</p> <p>Things changed when I started integrating these into the Jenkins pipelines. I got the following error message:</p> https://blog.taeschnix.de/posts/setupvault/ Thu, 28 Nov 2019 18:18:14 +0100 https://blog.taeschnix.de/posts/setupvault/ <h2 id="why-do-you-want-your-own-vault-for-your-devops-pipeline">Why do you want your own Vault for your DevOps Pipeline</h2> <p>Todo: Add some motivational stuff here</p> <h2 id="setup-using-docker-on-my-server-without-ready-the-docs-first">Setup using Docker on my server <em>without ready the docs first</em></h2> <p>As usual I setup all of the required tools as docker containers. Luckily HashiCorp provides a ready image which just needs to be started as then the UI is readily accessable on port 8200 for your HTTP-Requests. Due to some other maintenance on the server I had to reboot the server, but this is no issue as the docker container can be configured to restart automatically.</p> https://blog.taeschnix.de/posts/implement_own_ca/ Sun, 25 Feb 2018 18:19:31 +0100 https://blog.taeschnix.de/posts/implement_own_ca/ <h2 id="intention-and-original-situation">Intention and original situation</h2> <p>The move to encryption everywhere is inevitable. Soon browsers (starting with Chrome) will be blocked unencrypted HTTP requests. Google announced this in a recent <a href="https://blog.chromium.org/2018/02/a-secure-web-is-here-to-stay.html">blog post</a>. So in order to prepare for this, my own home server installation needs a proper CA and certificates.</p> <h2 id="creating-the-certification-authority">Creating the certification authority</h2> <p>I chose to use my NAS as the host for the CA for now as openssl was already installed. For the CA I followed the excellent instructions from Jamie Nguyen <a href="https://jamielinux.com/docs/openssl-certificate-authority/">(link)</a>. The detailed instructions I used to create the Root CA are detailed <a href="https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html">here:</a>. Only the Root CA will be used so I chose the less strict policy and used</p>