_synack

joined 5 months ago
sorted by: new top controversial old
Steampipe: How to secure API credentials? in c/[email protected]
[–] [email protected] 4 points 10 hours ago* (last edited 9 hours ago)

I’ve heard this related to Gaussian blur and it’s obviously possible with pixelation that uses a large number of smaller pixels, but I would honestly love to see someone demonstrate reversal of the pixelation I used here.

In any case the pixelated credentials were for limited, read only access for testing and the API client was already deleted before I posted the image.

I appreciate the concern and feedback in any case.

Steampipe: How to secure API credentials? in c/[email protected]
[–] [email protected] 1 points 10 hours ago* (last edited 10 hours ago) (1 children)

I saw someone mention it as an alternative to using Orca or Wiz for compliance use cases. I just wanted to check it out. I was attempting to run it locally rather than as a service with configuration via pipeline.

Steampipe: How to secure API credentials? in c/[email protected]
[–] [email protected] 1 points 11 hours ago* (last edited 11 hours ago) (3 children)

It seems you have a lot of experience with the tool. Can you recommend any resources that teach more advanced use cases and configurations? I'm finding that just reading the docs, playing with it, and watching the YouTube videos I found aren't really doing it for me. Most of the materials I'm finding are about AWS, but that's not relevant to me.

10
Steampipe: How to secure API credentials? (sh.itjust.works)
submitted 1 day ago* (last edited 1 day ago) by [email protected] to c/[email protected]
9 comments fedilink
 

I learned of the existence of steampipe recently, which seems to be an interesting tool to help teams - including cybersecurity teams - understand their cloud assets and ensure compliance with security policies.

I started playing around with it, and one thing that struck me immediately is the need to store API credentials for the various plugins in plaintext in JSON files in your user profile. This struck me as incredibly insecure, especially given that the default UNIX permissions on the files seem to be 644.

Does anyone know if there is a way to store and dynamically retrieve these API credentials more securely, such as in a remote key store like AWS Secrets Manager or Azure Key Vault? I spent awhile searching and watching some YouTube videos, but didn't come across a method to do this.

ARMADILL-NO in c/[email protected]
[–] [email protected] 37 points 1 day ago

Armadillos also can carry leprosy, so this is sound advice on multiple levels.

Rolling coal in c/[email protected]
[–] [email protected] 7 points 2 days ago

No the reason was already mentioned earlier. Europe mandates a relatively short overall maximum vehicle length whereas the US mandates a maximum trailer length. So European trucks are almost always cab over design to maximize trailer length.

Rolling coal in c/[email protected]
[–] [email protected] 7 points 2 days ago (1 children)

That truck was from 1985, but I know what you mean. That truck was awesome!

At least the Ford Maverick is something that exists. I know it’s based on an Escape platform, but that’s fine for most uses of trucks that size.

Barack Obama celebrates 15 year anniversary of ACA by joining BlueSky in c/[email protected]
[–] [email protected] 9 points 2 days ago

Ultimately, even Democratic politicians are beholden to wealthy donors, including those associated with the health insurance industry.

In this post-Citizens-United world, the only way to make real change is to have a bunch of people willing to not hold onto power to do the right thing simultaneously. Sadly, the likelihood of that happening is vanishingly small.

Tonight's game in c/[email protected]
[–] [email protected] 2 points 5 months ago

Supporters Shield!!!

What a game! Huge game by Messi and Callendar.