DevOps by Default Blog

Posts tagged "Security"

6 articles

Building Automation Engines: GenericAgent and ACLs

GOTRS 0.6.1 delivered two major automation systems: the GenericAgent execution engine and ACL-based access control. The Problem Manual ticket processing doesn’t scale. Agents shouldn’t spend time on repetitive tasks that follow clear rules. “If ticket is pending for 7 days, …

OpenTofu State Encryption: A Feature Terraform Lacks

OpenTofu 1.7 introduced client-side state encryption—a feature the community requested from Terraform for years without success. For us, it solved a compliance problem that previously required workarounds. The Problem Terraform state contains secrets. Database passwords, API keys, and sensitive …

Supply Chain Security with SLSA and Sigstore

SolarWinds, Log4Shell, and countless smaller incidents proved that software supply chains are attack vectors. Compliance frameworks now require provenance verification. We implemented SLSA and Sigstore to meet requirements and build genuine trust. The Problem “Where did this binary come …

Secrets Management with HashiCorp Vault

Secrets end up everywhere: environment variables, config files, CI systems, developer laptops. Centralising them isn’t just about security—it’s about knowing what credentials exist and who can access them. The Problem Credential sprawl was rampant. The same database password existed in …

Log4Shell: Lessons for Vulnerability Response

December 2021 delivered Log4Shell, and the subsequent weeks were chaos. A month later, we’re reflecting on what worked, what didn’t, and what we’re changing permanently. The Problem The vulnerability itself was severe—remote code execution with trivial exploitation. But the real …

Kubernetes Namespace Isolation: Beyond the Basics

Running multiple teams on a shared Kubernetes cluster sounds efficient until one team’s runaway pod consumes all the cluster resources. We learned this the hard way. The Problem Namespaces provide logical separation but not isolation. By default, pods in one namespace can communicate with pods …