How to use the HashiCorp Vault Secrets Plugin for Artifactory to create short-lived Artifactory tokens scoped to a specific user, without the need for an admin token. The main usecase for this is CI workflows (e.g. Github actions) that can authenticate to vault (e.g. Github’s workflow OIDC) and need access to Artifactory.
Read moreHow to indicate furusato nozei when filing taxes online. (To learn about furusato nozei, see Furusato nozei - end to end guide.)
Read moreWhat is furusato nozei, a bit of history, and how you can do it end to end. This won’t be short, but I try my best to provide the full picture with all the details. While I do my best to keep this information accurate, if you find any inaccuracies, please let me know.
Read moreoauth2-proxy is often used to handle user authentication for apps, however non-human users (e.g. CI workflows) are often unable to complete the OIDC flow. In this post I will show how to configure oauth2-proxy to trust Github’s OIDC provider and use that JWT to authenticate workflows and give them access to the app behind the proxy.
Read moreIn one of my the projects I manage vault resources via terraform. The main terraform pipeline runs in a Github action workflow and uses Github’s JWT to connect to vault. Meanwhile user authentication is done using vault’s OIDC auth method.
This post will show how to setup the vault terraform provider so that it uses the Github signed JWT when running in CI, and OIDC authentication when running locally.
Read more