C.J. May
lawndoc.cjmay.info
I assume 3rd party CNAs will continue to function? This is about to get messy either way, though...
April 15, 2025 at 6:24 PM
My team calls it "eating your vegetables" 🥦
March 26, 2025 at 8:47 PM
I'm impressed that it changed the facial expression of the woman to match the context of her text
March 26, 2025 at 8:46 PM
My coworkers and I bring this one back up at least twice a year
February 21, 2025 at 11:19 AM
I see. Another thing you could look into is Infisical, which is a pretty intuitive self-hosted secret manager. I just wrote a blog post for them that shows how to set it up and use their CLI for just-in-time ENV injection, which works if you're manually running commands.

infisical.com/blog/self-ho...
Self-Hosting Infisical: A Guide to Securing Your Homelab's Secrets
Learn how to self-host Infisical to secure your homelab secrets. Step-by-step tutorial covers Docker deployment, backup key protection, and just-in-time secret injection.
February 15, 2025 at 3:42 PM
Not sure what you're working with, but most CI platforms are able to issue short lived JWTs to jobs that securely attest what the job is so you can federate access with OIDC. Might be worth looking into if you haven't already. Or it might not be possible as you said without platform support.
February 15, 2025 at 3:01 PM
Have you tried using OIDC auth to access the vault with a machine identity? IMO that's the best solution to the "recursive secrets" problem
February 15, 2025 at 2:48 PM
It's so easy to use that our high school intern with zero previous Linux experience has been able to use it in our lab to document what we detect and what our gaps are.

It's been a great project for him to learn about Linux and detection engineering.
February 4, 2025 at 4:22 PM
There are way too many acronyms and buzzwords in the identity security space...

I'm writing an article for a client that I could literally title:
"PKI, APIs, JWTs, and SSH: The IAM challenges of Zero Trust ILM for NHIs"
February 1, 2025 at 5:44 AM
The hardest part of writing this blog post is to not sound like I'm vomiting buzzwords like an auditor who pretends to understand how security works
February 1, 2025 at 5:42 AM
Accurate 😂 and optionally buy a domain
January 31, 2025 at 12:03 AM
And lots of times things get re-invented
January 25, 2025 at 2:21 PM
Nothing is "old school" if it still works 🤷
January 25, 2025 at 2:20 PM
Really appreciate the content and tooling you contribute to the community. Congrats on 5 years!
January 25, 2025 at 2:15 PM
I worry what it will do to entry level positions, which will in turn raise the bar for someone to get a job that can't be automated with AI agents. I agree that there will always need to be qualified human oversight, but how do those people get trained?
January 25, 2025 at 2:09 PM
I think the difference between authn and authz in general is commonly misunderstood
January 25, 2025 at 2:06 PM
"trust, but verify" 💯
January 25, 2025 at 2:03 PM