• Vault and TFE - Fun with Dynamic Secrets for GCP

    (12 May 2020)
    One topic that always comes up is how to handle GCP Service Account keys. What are they, what do they have access to, how do we manage them, and so forth. It is always a sensitive subject due to the risks associated if not appropriately handled. This post is a look at how we can use Vault's GCP Secrets Engine to dynamically generate service account keys and provide a central location to manage key rotation, and what access is granted with that key.
  • Terraform Enterprise, Workspaces and GitHub Repositories

    (01 May 2020)
    Code reusability is a much sought-after goal of organizations and developers alike. The idea conjures the idea of high-efficiency, resulting in reduced bugs, reduced operational support load, and most importantly, reduced time to market. The thing I see over and over again is locally cloned repositories, locally cloned Terraform modules, and hardcoded variable values within repos. All of these the enemy of efficiency and standardization. This blog is a quick look at how you can leverage Terraform Enterprise to set variables at a workspace level, allowing an organization to create a many to one relationship between Terraform Enterprise Workspaces and GitHub repositories.