GitHub hosts its own source code on GitHub. Which means: if the platform goes down, engineers can't access the code to fix it.

They solved the circular dependency problem with eBPF:

→ Monitors network egress from deployment scripts via cgroups
→ Intercepts DNS queries and routes them through a userspace proxy
→ Catches problematic dependencies before they block incident recovery
→ Took 6 months to roll out across production

Full breakdown in the comments ↓

#devops #ebpf #sre
DevOps Bulletin’s Post
More Relevant Posts
-
GitHub had a clever "chicken and egg" problem: needing GitHub to deploy GitHub! 🐔🥚 They're solving tricky circular dependencies in deployments by using eBPF to selectively block problematic network calls. What's even cooler? They can trace those blocked requests back to the specific command. Super smart for safer deployments and faster incident recovery! #eBPF #DevOps
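An added sketch (not GitHub's code, and not part of either post above) of the userspace-proxy decision both eBPF posts describe: parse an intercepted DNS query, block names that would recreate the circular dependency, and keep the originating command in the verdict. The blocked suffixes, the event fields `pid`, `comm` and `payload`, and all function names are assumptions; in a real deployment the eBPF side would supply the process details.

```python
import struct

# Assumption for this example: names a deployment script must not depend on.
BLOCKED_SUFFIXES = ("github.com", "githubusercontent.com")

def build_query(name, txid=0x1234):
    """Construct a minimal DNS A query (constructed sample input for the demo)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_qname(packet):
    """Return the queried name from a DNS query, rejecting malformed input."""
    if len(packet) < 12:
        raise ValueError("short DNS header")
    flags, qdcount = struct.unpack("!HH", packet[2:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:  # pointer/reserved bits are not accepted in a question
            raise ValueError("compressed or reserved label")
        if pos + length > len(packet):
            raise ValueError("truncated label")
        labels.append(packet[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    return ".".join(labels)

def decide(event):
    """event: pid, comm and the raw DNS payload handed to the proxy."""
    try:
        name = parse_qname(event["payload"])
    except ValueError as exc:  # fail closed on anything the parser cannot read
        return {"action": "block", "reason": f"malformed: {exc}", **_who(event)}
    hit = any(name == s or name.endswith("." + s) for s in BLOCKED_SUFFIXES)
    return {"action": "block" if hit else "allow", "name": name, **_who(event)}

def _who(event):
    return {"pid": event["pid"], "comm": event["comm"]}
```

Matching on a dot boundary matters here: `notgithub.com` is allowed, while `api.github.com` is blocked and attributed to the command that issued it.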
-
Unlock zero-trust policy ✈️

The SUSE Security Admission Controller is now GA, delivered through the SUSE Application Collection. Built on Kubewarden and powered by WebAssembly (Wasm), this enterprise-grade solution redefines Kubernetes policy enforcement:

✅ Write policies in familiar languages (Go, Rust, JS, TypeScript, C#)
✅ Preserve existing OPA/Gatekeeper policies with Wasm compatibility
✅ Simplify audits with SBOMs, SLSA-3 provenance & centralized governance
✅ Enterprise support with trusted, lifecycle-managed delivery

👉 End security sprawl and accelerate innovation with developer-friendly, zero-trust policy enforcement at scale: https://okt.to/Vb0ZlJ

#SUSE #Kubernetes #CloudNative
-
Just had a highly productive hands-on session diving into the core concepts of Docker! 🐳💻

Instead of just reading the theory, I spent some time directly in the terminal experimenting with containers and exploring how they work under the hood. Here is a quick breakdown of what I accomplished today:

🔍 Explored the CLI: Started by digging into the Docker CLI using --help to understand the vast array of commands available for images and containers.
📥 Pulled Images: Successfully pulled the official nginx:latest image from Docker Hub.
🚀 Container Lifecycle: Experimented with running containers in the foreground, stopping them gracefully, and then running an Nginx container in detached mode (-d) with a custom name (--name hitesh-nginx).
🕵️‍♂️ Inside the Matrix: Used docker exec -it hitesh-nginx bash to jump straight into the running container's shell.
📂 Navigating the OS: Navigated through the internal Linux file system to locate the default web root directory for Nginx (/usr/share/nginx/html). Even made the classic developer mistake of trying to cd into the index.html file before realizing my typo! 😂

Every time I get hands-on with Docker, I'm amazed by how lightweight and isolated these containerized environments are. Building muscle memory in the terminal is definitely the best way to learn.

#Docker #DevOps #LearningInPublic #Nginx #Linux #TechJourney #SoftwareEngineering DevOps Insiders
-
Want to migrate Container Images between registries Without Docker or Privileged Access? Use Skopeo

Why not just retag with the Docker client? 🤔

* Using the Docker client means exposing the Unix socket of the Docker Daemon
* And that effectively grants root-level control over the host

In secure setups, this is often unacceptable ❌

The key realization is: Pushing and pulling container images is just an HTTP operation (OCI registry API); no namespaces, no cgroups, no daemon required.

👉 So, moving container images doesn’t actually require a container runtime.

💡 Skopeo can also be run safely within containers, no need for docker-in-docker, no need to mount the Unix socket either.

Project's link on GitHub 👇 https://lnkd.in/dSx2UiMk

#devops #skopeo #docker
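The claim in the Skopeo post above, that copying an image is only a series of registry HTTP calls, shown as an added example (not from the post or the Skopeo project). `FakeRegistry` is a hypothetical in-memory stand-in for the OCI distribution endpoints; authentication and media-type headers are left out, repository names are assumed to be a single path segment, and the sample image is constructed.

```python
import hashlib, json
def digest(data):
    return "sha256:" + hashlib.sha256(data).hexdigest()

class FakeRegistry:
    """In-memory stand-in for an OCI registry: only the endpoints a copy needs."""
    def __init__(self):
        self.blobs, self.manifests, self.log = {}, {}, []

    def request(self, method, path, body=b""):
        self.log.append(f"{method} {path}")
        repo, kind, ref = path.split("?")[0].split("/")[2:5]
        if kind == "manifests":                 # /v2/<repo>/manifests/<tag>
            if method == "PUT":
                self.manifests[(repo, ref)] = body
                return 201, b""
            data = self.manifests.get((repo, ref))
            return (200, data) if data is not None else (404, b"")
        if method == "POST":                    # POST /v2/<repo>/blobs/uploads/
            return 202, f"/v2/{repo}/blobs/uploads/session-1".encode()
        if method == "PUT":                     # PUT <location>?digest=<digest>
            want = path.split("digest=")[1]
            if digest(body) != want:
                return 400, b""                 # content must match its digest
            self.blobs[want] = body
            return 201, b""
        data = self.blobs.get(ref)              # HEAD or GET /v2/<repo>/blobs/<digest>
        return (200, b"" if method == "HEAD" else data) if data is not None else (404, b"")

def seed(reg, repo, tag, blobs):  # constructed sample image: blobs[0] is the config
    reg.blobs.update({digest(b): b for b in blobs})
    d = [{"digest": digest(b), "size": len(b)} for b in blobs]
    reg.manifests[(repo, tag)] = json.dumps({"schemaVersion": 2, "config": d[0], "layers": d[1:]}).encode()

def copy_image(src, dst, repo, tag):
    status, manifest = src.request("GET", f"/v2/{repo}/manifests/{tag}")
    if status != 200:
        raise LookupError("source manifest not found")
    doc = json.loads(manifest)
    for desc in [doc["config"], *doc["layers"]]:
        d = desc["digest"]
        if dst.request("HEAD", f"/v2/{repo}/blobs/{d}")[0] == 200:
            continue                            # already present: skip the transfer
        _, blob = src.request("GET", f"/v2/{repo}/blobs/{d}")
        _, location = dst.request("POST", f"/v2/{repo}/blobs/uploads/")
        if dst.request("PUT", f"{location.decode()}?digest={d}", blob)[0] != 201:
            raise ValueError(f"upload of {d} rejected")
    dst.request("PUT", f"/v2/{repo}/manifests/{tag}", manifest)
    return digest(manifest)
```

After a copy, `dst.log` holds the full request sequence the destination saw, and blobs it already stored are skipped after the `HEAD` check.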
-
Managing multiple GitHub accounts shouldn’t be this painful… but it is.

Over the past few months, I kept running into a frustrating issue: using work + personal GitHub accounts on the same machine without breaking SSH or mixing identities.

So I built a clean, repeatable SSH setup that solves the following:

• Authentication conflicts
• Wrong-account commits
• Broken push/pull workflows

What’s inside the guide:

• Separate SSH keys per account
• Smart aliasing via ~/.ssh/config
• Per-repo Git identity setup
• Quick debugging checks

The goal was simple: 👉 Make it predictable and production-safe—not just “works on my machine.”

If you’ve ever pushed code from the wrong account… you know the pain. 😅

🔗 GitHub repo: https://lnkd.in/dFH75WvV

If this helps, consider giving the repo a ⭐

#github #git #ssh #developers #webdev #softwareengineering #opensource
-
Introducing Secrets Kit v0.9.0. Most local environments are full of secrets scattered across .env files, shell startup scripts, copied commands, and project directories. Somehow they still find their way into your GitHub repo... or worse, you wake up to a $372k OpenAI API bill. Secrets Kit is a macOS CLI that pulls those values out of plain text and into the system Keychain, keeps non-sensitive metadata in a local registry, and only exports environment variables when a runtime actually needs them. It is not a vault service and it does not claim perfect security. It is a practical step toward fixing secret sprawl and improving local security hygiene without changing how real workflows operate. Useful for agent runtimes, local UIs, shell workflows, and development stacks that still rely on environment variables but should not rely on secrets living all over the filesystem. Project write-up: https://lnkd.in/guU3S45z I solve problems. Do you have a problem that needs solving? @unixwzrd #SecretsManagement #MacOS #SecurityHygiene #DeveloperTools #LocalOps #AgentWorkflows
-
Secrets Kit v0.9.0 is live. This came out of a simple problem: too many secrets end up scattered across `.env` files, shell configs, and random project directories. It always bothered me that tokens, API keys, and passwords end up living in plain text all over the place - especially inside project directories. Then when they expire or need rotation, good luck finding all of them. This tool moves them into Keychain, keeps things organized locally, and only exposes them when something actually needs them. Nothing fancy. Just a better way to handle something we all deal with. I solve problems. Do you have a problem that needs solving? @unixwzrd #DevOps #CyberSecurity #InfoSec #SoftwareEngineering #BuildInPublic #IndieDev #Automation #CLI #Unix #Privacy
-
While working on a project, I constantly needed to peek at code from other repos: check an API signature, read a config file, understand how a library structures things, etc. Every single time, the workflow was the same: open browser, navigate to GitHub, find the file, read it there or clone the entire repo just to read one file, then delete it later. I never wanted to leave my terminal. What if I could just cd into a repo link and browse it like a local directory? So I built cdrepo. cd repo_link; that's it. Open source: https://lnkd.in/gWaxA6sQ #cli #github #rust #gh #terminal
https://github.blog/engineering/infrastructure/how-github-uses-ebpf-to-improve-deployment-safety/