Minimal CA with Nitrokey

I’ve been using nitrokey’s for personal key management for several years. They can be a little big hard to use since there isn’t much in the way of documentation other than “go and use xca”. Which while is good advice, doesn’t address more advanced setups where the signing operation itself is the bit that matters.

I wanted to use purely command line tools with as minimal configuration as possible and does not use the hard disk so that signing operations may realistically happen from an ephemeral live booted device with no persistant storage.

I am performing a reset of this site. Originaly i blasted out lots of tools that didn’t really reflect what i wanted to make of this website going for quantity over quality. I have removed those pages now since I decomissioned the service quite a while ago.

Kubernetes CI/CD rollout restart

Creating a kubernetes credential with permissions to restart deployments. This is useful in CI/CD systems that are to restart a deployment for example when a new image has been pushed to a registry

Create a kubeconfig to authenticate against kubernetes cluster

We will be using token auth as opposed to mtls. First we need a service account

kubectl -n default create sa test-sa

Create long lived token for sa. This command makes the token valid for 10 hours but you can set it to be valid for however long you require.

Hello World

New site powered by hugo