The most dramatic news last week arguably was Amazon's new Open Distro for Elasticsearch, and Elastic's public response. We're not really into dramas though - especially ones involving inadvertently exposed secret keys. Our webinar next week is all about secrets management, in which we'll cover AWS KMS and Hashicorp Vault. Sign up to watch it live or get a recording here:
Jeff Meyerson of Software Engineering Daily podcast recently interviewed Shimon Tolts for a straight talk on DevOps. They covered what DevOps is, how a developer's responsibilities have changed over the years to include QA and deployment, whether infrastructure-as-code is a good thing, best practices for Git repositories management, and more.
Building applications today is incredibly complex, and a great deal of that complexity is accidental, said Paul Biggar. He contends infrastructure, deployment, API, "code-as-text" complexities are all out of control, and asks: "Why is it that to build an application today we need to learn Kubernetes, Docker, Git, load balancers, dozens of AWS services, SQL, npm, Heroku, DNS, memcached, Nginx, and the rest of the endless list of tools and technologies that each provide one part of an application?"
Like its counterpart DevOps, which means to bridge the gap between development and operations, DevSecOps means to bridge the gap between development, security, and operations. In this article, Matty Jones from Salesforce Engineering focuses on the human element and how common interactions between developers and security teams can be made easier and more productive.
In this tutorial, Roman Labunsky shared tips on writing Github Actions using Node.js to automate git workflows, including useful tools he used and gotchas owing to the differences between a typical Docker container and Github's runtime environment.
The Engineering team at New York Times built their own library for easing the use of Hashicorp Vault for managing secrets in Google Cloud's serverless solutions. They were having to inject secrets as environment variables at deployment time, and users were able to see these secrets in plain text.
P.S. Speaking of secrets, we at Datree have a strong opinion - check out this upcoming webinar on how to manage secrets in your code.