Public Key Infrastructure 2 of 3 – Certificate Automation

Following the last post on PKI, we’ll discuss automation of certificate issuance. Two key activities to automate are validation of the requestor and issuance of the certificate. Validation: validation isn’t always required. For private CAs, the trust boundary does not go beyond the internal engineering team, so there is little incentive to perform any validation. AWS …

Public Key Infrastructure 1 of 3 – Basics

In 2021, I wrote an intro to Public Key Infrastructure (PKI). Now that I have to host my own certificate authority, I decided to dive a little deeper into PKI in this series of posts. In software testing scenarios, we need to issue (and recycle) a lot of certificates, and manage their lifecycle events such …

A dog parent’s psychological curve

Lola is a girl’s name, of Spanish origin, meaning “sorrows.” She is 15 months old now, weighing around 30 pounds. She is a mini goldendoodle, an F1B mix between poodle and golden retriever, with a straight coat. We like to cut her hair short for low maintenance and the retriever look. She’s playful, docile, smart and …

Workload Identity on Kubernetes 2 of 2 – EKS

I discussed workload identity in my previous post and dived into how it works in AKS (Azure Kubernetes Service). In this post I will continue the topic with AWS as the example. From the perspective of the CSP, we consider any running process on a cloud resource as a workload. Therefore, I’ll start with the control plane …

Workload Identity on Kubernetes 1 of 2 – AKS

As applications are moved to the cloud, the application workloads hosted on virtual machines need to interact with cloud resources. For this, we need an IAM solution with two mechanisms. CSPs such as Azure and AWS have their own implementations of the two mechanisms. In Azure, we have Entra workload identity (including service principal and …

WordPress Security Basics

Background: in 2019, I moved this site to WordPress hosted on an Amazon Lightsail instance. There were few visits at that time, so I lived with the single-server architecture. The website traffic has since grown steadily, but I have been too busy to catch up with the WordPress security setup. In July 2023, …