In a previous post, I described a use case for customer-provided keys with Vault. One of the implications of this was the need for decryption after a bulk data export. In that post, I gave a concrete example of decrypting Vault ciphertext directly with a customer-provided key. However …
Atomically Idempotent
Recently, I was analyzing some initialization code in Go with a teammate. The value being initialized was meant to be used in concurrent Go, so initialization had some requirement of atomicity. The code essentially boiled down to:
func (t *T) Start() {
	if atomic.LoadInt32(&t.State) == Started {
		return // Early Exit …
Wrapping Behavior of context.WithValue()
Motivation
Throughout the Go monorepo we use context.WithValue() to "stash" a global value on a root context. For example:
ctx = logger.WithLogger(ctx, log)
// ... later ...
log := logger.GetLogger(ctx)
The implementations for stashing a logger.Log are in the same general form as most context wrapping helpers:
type loggerKey …
Setting Per-Connection Timeouts with TypeORM
PostgreSQL Statement Timeout
For most applications that use a database, user-facing queries must complete in a reasonable amount of time. In order to ensure a maximum query time, PostgreSQL supports a statement_timeout which will cause a query to be cancelled if it exceeds the timeout:
$ psql
monsters_inc=> SHOW statement_timeout;
statement_timeout …
Importing External Keys into Vault
Contents
Motivation
To understand why it's helpful to import external keys into Vault, it's important to understand:
- How and why encrypted data is stored in databases
- How Vault provides features that aid in encrypting and decrypting data
- Reasons for data …