Authenticating Github workflows with oauth2-proxy

oauth2-proxy is often used to handle user authentication for apps, however non-human users (e.g. CI workflows) are often unable to complete the OIDC flow. In this post I will show how to configure oauth2-proxy to trust Github’s OIDC provider and use that JWT to authenticate workflows and give them access to the app behind the proxy.

How to use the vault terraform provider locally and in a Github action ci workflow at the same time

In one of my the projects I manage vault resources via terraform. The main terraform pipeline runs in a Github action workflow and uses Github’s JWT to connect to vault. Meanwhile user authentication is done using vault’s OIDC auth method.

This post will show how to setup the vault terraform provider so that it uses the Github signed JWT when running in CI, and OIDC authentication when running locally.

Accessing the Github token from a Github action

For each Github action workflow, Github creates a unique Github token. This can accessed a either via the GITHUB_TOKEN secret (${{ secrets.GITHUB_TOKEN }}) or via the github context (${{ github.token }}). The docs also note that

An action can access the GITHUB_TOKEN through the github.token context even if the workflow does not explicitly pass the GITHUB_TOKEN to the action.

However the docs fall short of showing how to do it, and it took me a while to figure it out, so I’m sharing it here.

Thoughts on the future of the real estate market of Tokyo

This is a continuation of my previous post on buying vs renting in Tokyo

The future resale price of a property depends on demand: are there going to be people willing and able to purchase it? Let’s look into the forecasts affecting this. I will try my best to use official (government) statistics and forecasts, even if these are a few years outdated.

Thoughts on renting vs buying in Tokyo

Recently I’ve been thinking a lot about buying either a house or an apartment (mansion), or whether renting makes more sense for now. The primary aim of this post is to collect my thoughts, and record the decision so that I can revisit it in the future. It might also help others considering the same question, but that’s not the main intention (e.g. I will focus exclusively on my use-case and not cover other locations or sizes).