Recently, I was working with Terraform and wanted to create a resource that required a password. Normally, we would either supply the password from the vault via data resource or pass it via a variable at runtime in CI, but this got me thinking that if the primary goal is to avoid hardcoding secrets, the state file will still contain the password in plain text.

That led me to learn about ephemeral resources and Terraform's write-only arguments feature. Not only can you generate random secrets or provide secrets to resources, but you can also update them without storing them in the state file.

You might have heard of the trade-off between security and usability. It's true that a computer without a password is usable but not very secure. On the other hand, a computer that makes you re-authenticate every 5 minutes with a password and TOTP code may be secure but not very usable.

I faced a similar situation. I was tasked with configuring SSH to use Multi-Factor Authentication (MFA). While this was relatively straightforward, the real challenge was automating it in CI/CD pipelines that relied on SSH to access the target server.

I recently faced an interesting challenge while migrating a legacy web application. It was developed using Node.js 10, and I needed to upgrade to Node.js 20 to fix some security vulnerabilities. I expected the process to be smooth, but I didn't consider that we were using Ubuntu 16.04, which could cause problems.

In this blog post, we will conduct a thorough malware analysis of a malicious React app that was referenced in my recent LinkedIn post. All relevant files for this analysis are conveniently hosted within my GitHub repository. For understanding each file's contents and purpose, I encourage you to refer to the README document.

This is the part 2 of the RTK Query series. In this part, we'll dive into how to inject Query/Mutation API endpoints and integrate them into our code. If you haven't read part 1, i'll highly recommend you to check it out here

As a developer, if you've used React before, you might have relied on useState or useEffect hooks to fetch data from APIs and then stored that data in a Redux store for state management. While this approach may work well for small projects, it can quickly become inefficient and lead to performance issues when building larger-scale web applications. That's where Redux Toolkit Query comes in to simplify your API calls and help you focus on building great user experiences.

Terraform is an open-source infrastructure as a code tool created by HashiCorp for building, changing, and versioning infrastructure safely and efficiently. It enables defining an infrastructure using application software best practices. Along with that, it is compatible with many clouds and services like AWS, Azure, Kubernetes and so on. The code is written in HashiCorp configuration language in a file that has .tf extension.

Kubernetes is an open-source container orchestration tool developed by Google which helps you manage containerized applications in different deployment environments like physical, virtual, cloud or hybrid etc.

When I was learning Kubernetes, almost every tutorial I saw made the use of minikube for deployment and I followed it at the time. Later on, when I wanted to test things in a production environment, I found no tutorial which covered all the aspects of self-deployment of k8 which led me to test various things on my own and write this article.