Posts
-
Introducing authzgcpk8stokeninjector: Seamless GCP Identity Token Injection for Envoy
We are excited to announce the launch of authzgcpk8stokeninjector, released on November 13, 2024. This new tool simplifies how applications running in Kubernetes authenticate with GCP services by automating the injection of identity tokens directly within the networking layer. What it does authzgcpk8stokeninjector is a gRPC-based Envoy External Authorization (ext_authz) service. Instead of requiring your application code to handle the complexities of GCP authentication, this service acts as a sidecar to Envoy Proxy. It leverages GCP Workload Identity Federation to...
Read article -
Introducing gcpidentitytokenportal: Simplified GCP Identity Token Vending
We are excited to announce the launch of gcpidentitytokenportal, released on November 10, 2024. This new utility provides a straightforward, web-based interface for vending Google Cloud Platform (GCP) identity tokens, removing the friction from testing and debugging services that rely on GCP identity-based authentication. What it does The gcpidentitytokenportal is designed to be a lightweight tool that allows developers to quickly generate identity tokens for specific target audiences. Whether you are testing a Cloud Run service or debugging an internal...
Read article -
Introducing goenvecho: Simplify Your Container Debugging
On November 7, 2024, we are excited to announce the launch of goenvecho, a lightweight utility designed to streamline debugging and testing in containerized environments. Introducing goenvecho goenvecho is a simple yet powerful tool that helps developers verify the environment variables active within a running container. By exposing a single HTTP endpoint, it returns all current environment variables as a clean JSON object, removing the need to manually exec into containers or sift through complex logs just to check a...
Read article -
Introducing lockboxkms: Simple, Secure Encryption via Google Cloud KMS
We are excited to announce the launch of lockboxkms, released on October 20, 2024. lockboxkms is a lightweight, web-based utility designed to simplify how you encrypt sensitive data using the Google Cloud Key Management Service (KMS). By providing a streamlined interface for encryption, lockboxkms removes the friction of interacting with complex cloud consoles or command-line tools for everyday encryption tasks. What it does lockboxkms serves as a dedicated “encryption portal” for your team. It is intentionally designed as a one-way...
Read article -
Strengthening the Foundation: authzjwtbearerinjector v0.2.0
On October 17, 2024, we released v0.2.0 of authzjwtbearerinjector. This update is a dedicated maintenance release focused on improving the internal structure and security posture of the service, ensuring a more stable and maintainable foundation for future growth. What’s new This release focuses on “under-the-hood” improvements rather than new feature flags: Architectural Refactoring: We have reorganized the internal codebase, splitting the monolithic internal package into dedicated modules for caching, configuration, JWT handling, logging, OAuth communication, and RSA operations. Dependency Updates:...
Read article -
jwt-bearer-token-vendor v1.0.1: Maintenance Update
On October 12, 2024, we released version v1.0.1 of jwt-bearer-token-vendor. This is a maintenance release dedicated to keeping our internal dependencies current, ensuring the action remains stable and compatible with the latest GitHub Actions environment. What’s new This release focuses exclusively on updating the core libraries used to build and run the action: Updated @actions/core: We’ve bumped the GitHub Actions toolkit library to version 1.11.1. Updated @vercel/ncc: The bundling tool has been updated to version 0.38.2 to ensure the distribution...
Read article -
Improving Reliability and Guidance: authzjwtbearerinjector v0.1.1
On October 11, 2024, we released v0.1.1 of authzjwtbearerinjector. This maintenance update focuses on enhancing the reliability of the token refresh process and providing clearer documentation to help users deploy and configure the service more effectively. What’s new Reliable Token Refreshing: We fixed a bug where the SOFT_TOKEN_LIFETIME defaulted to 0. It now correctly defaults to 0.5, meaning tokens are refreshed when 50% of their lifetime remains, preventing unexpected authentication failures. Enhanced Documentation: The README has been significantly expanded. We’ve...
Read article -
Introducing hellorest: The Minimalist's Tool for Infrastructure Testing
On October 10, 2024, we are excited to announce the launch of hellorest, a minimal REST API designed specifically for developers and DevOps engineers who need a predictable, lightweight service to validate their infrastructure. Whether you are testing a new deployment pipeline, verifying network connectivity, or configuring a load balancer, hellorest provides the simplest possible baseline to ensure your environment is working as expected. What is hellorest? hellorest is a trivial “Hello World” service written in Go. It does one...
Read article -
Introducing authzjwtbearerinjector: Seamless Token Injection for Envoy Proxy
We are excited to announce the launch of authzjwtbearerinjector on October 10, 2024. This new project provides a robust way to automate the acquisition and injection of OAuth 2.0 tokens into requests flowing through the Envoy Proxy, significantly simplifying how you secure your backend services. What is authzjwtbearerinjector? authzjwtbearerinjector is a gRPC-based External Authorization (ExtAuthz) service designed to run as a sidecar to Envoy Proxy. It implements the JWT-bearer flow, allowing it to act as a secure intermediary that handles...
Read article -
firestoreproto2map v0.0.4: Strengthening Build Security and Transparency
Released on September 29, 2024, firestoreproto2map v0.0.4 is a maintenance release focused on improving the project’s infrastructure. This update enhances the reliability and security of our build pipeline, ensuring that users can trust the artifacts they integrate into their Java applications. What’s new This release focuses on the “under-the-hood” machinery of the project: Build Provenance: We have integrated build provenance into our release workflow. This provides a verifiable record of how the library was built, adding a critical layer of...
Read article
subscribe via RSS