Today, I’ll demo a sample Go Docker CI pipeline in GitLab. The pipeline will run on a sample Go containerized app. Hence the name Go Docker. If you later find this article useful take a look at the disclaimer for information on how to thank me.
Category: Automation
Use Ansible Vault in Python
So you want to use secrets stored in Ansible Vault in your Python apps. Let’s see how to do that. If you later find this article useful take a look at the disclaimer for information on how to thank me.
If you are not familiar with Ansible Vault, go over the brief introduction below.
Store secrets in Ansible Vault
So, you might already know that storing secrets in your source code is bad. Yet, your app uses secrets and must store them in the source code repository. What can you do? You can opt for a fully fledged secret storage solution (e.g. HashiCorp Vault). Yet, this is overkill for a simple app using secrets. The simplest thing that comes to mind is encrypting the secrets and keeping them encrypted under source control. Ansible Vault allows just that.
Storing secrets in Ansible Vault step by step
- Create a vault.yml file and add your secrets in YAML format as below:
    secret_name1: val1
    secret_name2: val2
- Next, create multi_password_file. Add the vault password to this file and add the file to .gitignore. This is the password which will encrypt the vault. Remember that if you lose this password file, you won’t be able to decrypt your Ansible vault.
- Install ansible. Installing it will install the ansible-vault binary as well and add it to your PATH.
- Run
    ansible-vault encrypt vault.yml --vault-password-file multi_password_file
  to encrypt your vault. Afterwards, vault.yml will start with $ANSIBLE_VAULT;1.1;AES256 and will contain just numbers (hexadecimal digits).
- Run
    ansible-vault decrypt vault.yml --vault-password-file multi_password_file
  to decrypt the vault. Then you’ll see your secrets in clear text.
You can safely commit vault.yml to the source code repository as long as it is in its encrypted form.
Read Ansible Vault in Python
Now, let’s assume you want to use the secrets from Ansible Vault in your Python app or script. How can you read them? You can do that using the ansible-vault package. Then use the Python code below for reading the vault:

    from pathlib import Path
    from ansible_vault import Vault

    # strip() drops the trailing newline that editors usually add to the password file
    password = Path('multi_password_file').read_text().strip()
    vault = Vault(password)
    # load() decrypts the vault text and parses the resulting YAML
    data = vault.load(Path('vault.yml').read_text())

data is a Python dictionary which contains the Ansible vault secrets in clear text, which your app/script can use.
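Because the decrypt step rewrites vault.yml in clear text, it helps to check that the file is still in its encrypted form before committing, and that the password you load really belongs to it. The following is an added example, not code from the original article or from the Ansible project; it uses only the standard library, and the function names, the sample vault and the 1.1/AES256 envelope details (hex-encoded salt, HMAC and ciphertext; PBKDF2-HMAC-SHA256 key derivation) are assumptions of this example.

```python
import binascii
import hashlib
import hmac
import os

HEADER = "$ANSIBLE_VAULT"


def _mac(password, salt, ciphertext):
    # Assumed 1.1/AES256 derivation: PBKDF2-HMAC-SHA256, 10000 rounds, 80 bytes
    # = 32-byte AES key + 32-byte HMAC key + 16-byte IV. Only the HMAC key is used.
    keys = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10000, dklen=80)
    return hmac.new(keys[32:64], ciphertext, hashlib.sha256).digest()


def parse_vault(text):
    """Return (version, cipher, salt, mac, ciphertext); ValueError if not a vault."""
    lines = text.strip().splitlines()
    fields = lines[0].split(";") if lines else []
    if len(fields) < 3 or fields[0] != HEADER:
        raise ValueError("not encrypted: missing $ANSIBLE_VAULT header")
    try:
        inner = binascii.unhexlify("".join(l.strip() for l in lines[1:]))
        salt, mac, ct = (binascii.unhexlify(p) for p in inner.split(b"\n", 2))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"malformed vault body: {exc}") from None
    return fields[1], fields[2], salt, mac, ct


def is_encrypted(text):
    """Pre-commit style check: True only for a well-formed encrypted vault."""
    try:
        parse_vault(text)
        return True
    except ValueError:
        return False


def password_matches(text, password):
    """Verify the vault HMAC without decrypting anything."""
    _, _, salt, mac, ct = parse_vault(text)
    return hmac.compare_digest(mac, _mac(password, salt, ct))


def make_sample_vault(password):
    """Constructed sample: valid envelope and HMAC over random 'ciphertext'."""
    salt, ct = os.urandom(32), os.urandom(32)
    parts = (salt, _mac(password, salt, ct), ct)
    body = binascii.hexlify(b"\n".join(binascii.hexlify(p) for p in parts)).decode()
    wrapped = "\n".join(body[i:i + 80] for i in range(0, len(body), 80))
    return f"{HEADER};1.1;AES256\n{wrapped}\n"
```

A password read from the file without stripping its trailing newline fails password_matches, which is the same mismatch that makes decryption fail in the app.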
Summary
That’s it about using Ansible Vault in Python. As always feel free to share. If you found this article useful, take a look at the disclaimer for information on how to thank me.
You can also find below articles useful:
- Azure-cli in Dockerfile in Alpine
- Podman Jenkins Agent
- Go Docker CI in GitLab
- GitLab Parameterized Pipelines
Helm charts acceptance tests
I already covered how to test helm charts and different tests you may want to run. Today, I’ll focus on helm charts acceptance tests. If you later find this article useful take a look at the disclaimer for information on how to thank me.
Today, I’ll demo Kafka producer and consumer written in Python. We’ll see a fully working demo of producer and consumer running against Kafka in a docker-compose stack.
If you later find this article useful take a look at the disclaimer for information on how to thank me.
If you developed modern CI/CD pipelines you probably stumbled on the need to auto tag releases with semantic versions. Today I’ll show how to do that automatically and which tools may help to achieve automatic tagging releases with semantic versions.
If you later find this article useful take a look at the disclaimer for information on how to thank me.
Today, I’ll show how to create Kubernetes cluster on Linode using CLI. It might be useful, for instance, for CI/CD, automation processes, etc…
If you later find this article useful take a look at the disclaimer for information on how to thank me.
Today, I’ll show how to create and use Kubernetes operator using Ansible. I’ll also explain why to use Kubernetes operators and their relation to Kubernetes CRDs. As always, I’ll show a demo. If you later find this article useful read the disclaimer on ways to thank me.
GitLab Self-Hosted Runners Demo
In this post we’ll see how and why to use GitLab self-hosted runners. As always, I’ll show a practical demo of GitLab self-hosted runner which runs jobs in CI/CD pipelines. If you later find this article useful take a look at the disclaimer for information on how to thank me.
Podman Jenkins Agent
Today, I’ll show Podman Jenkins agent assuming Jenkins runs on Kubernetes. We’ll see Podman agent’s Dockerfile and CI/CD pipeline using it.
If you later find this article useful take a look at the disclaimer for information on how to thank me.
Migration from Jenkins to GitLab
Have you considered migration from Jenkins to GitLab? While working on CI/CD pipelines in Jenkins, you probably didn’t like coding them in Groovy. You wondered if any simpler CI/CD platform exists where you just have to worry about what commands to run in the pipelines. We’ll review important things to consider while planning migration from Jenkins to GitLab.