Contents

• Motivation
• "Importing" via Restore
• Decrypting Exported Ciphertext
• Key Backup Format

Motivation

To understand why it's helpful to import external keys into Vault, it's important to understand

• How and why encrypted data is stored in databases
• How Vault provides features that aid in encrypting and decrypting data
• Reasons for data …

TL;DR: Using the ca field to specify custom CAs (certificate authorities) in Node.js is a footgun. It replaces (rather than appends to) the root trust store which can lead to unintended consequences. I've seen this behavior cause outages in production when a third party server does a routine …

This is a story of a brief outage caused by a slightly unintuitive API¹ that has some very sharp corners for the uninitiated. The outage, though brief, was of the "wake up at 4am" variety so the lesson was especially salient.

This is not a post trying to tear …

The "obvious" way to write a custom GitHub Action is using Node.js, however it's not the only way. As it turns out, a GitHub Action really just communicates with the "orchestrator" via environment variables (as inputs) and STDOUT (to produce custom outputs).

Options

When defining an action, there are …

This is a tiny little note that can help with debugging in some situations. We'll use netcat (nc) to view the raw data sent to and returned from an HTTP server¹.

Capture a Request

We'll run a dummy listener via nc and directly inspect the body of an HTTP …