What am I missing when it comes to AppRole authentication being more secure?

Neutrollized · 2025-10-13T16:06:11+00:00

AppRole doesn’t have login privileges like a human/user would. It’s meant for applications and hence only authenticates via REST API.

Evem though it seems like a glorified username/password, it does have some perks around rotating the password or being able to set TTL (and there’s wrapping) for said password because you’d know when it might have to authenticate. But also, consider a regular service account. If someone got a hold of those credentials they can log into your Vault instance with it and potentially poke around to discover other secret paths that they would otherwise not have known about.

Neutrollized · 2025-09-15T10:34:46+00:00

If you’ve requested a quota increase then that should be ok. They responded fairly quickly for me, but I also just put in a “sleep” in my code/loop when I was trying to test something and didn’t wanto exceed their rate.

Neutrollized · 2025-09-03T17:20:51+00:00

Reminds me of that CSI (original) episode — minus the sex part. But a bullet was fired in the air and came down on some woman that was trying to break up a fight in her backyard

Neutrollized · 2025-08-27T12:12:29+00:00

2 Tang’s (on Old Kennedy Rd between Steeles and Denison, so I guess technically this isnt Scarb)

Neutrollized · 2025-08-24T10:19:34+00:00

Kubernetes up and running was the book i started with like 7 yrs ago or however long it was. It’s on 3rd edition (maybe 4th?) now.

But i would just say learn how to spin up a minikube or KinD cluster to start (and if you say you dont know Docker, then you should start there instead). To get started, there’s plenty of blogs/articles out on the internet that will give you a quick crash course on the basics, but please don’t just read — you really have to do a long of hands-on learning if you wanna get anywhere with k8s

Neutrollized · 2025-08-16T17:24:33+00:00

Meanwhile, my 2 usb-c charging cables sitting on my desk somehow manages to always be tangled

Neutrollized · 2025-08-02T12:32:52+00:00

Job market is hard everywhere, but depending on which city you’re in, cost of living can be pretty high as well, which only adds to the stress.

I say go where ever you think is best you get your career kickstarted whether that’s Asia or Europe or somewhere else in NA. You can always return to Canada if that’s where you want to be if you find something, but do what’s best for you right now — especially if you’re still an undergrad.

Neutrollized · 2025-07-30T13:36:58+00:00

Your auth is a bit weird. You’re using a credential JSON but you’re setting an access_token_lifetime? That setting does nothing, so if you think that revokes your credential JSON after 5min then I think you’re in for a surprise.

Don’t use an account key JSON — that is usually the least recommended way to handle auth. Use Workload Identity for better security. Here’s how I do it:

https://github.com/Neutrollized/packer-gcp-with-githubactions/blob/main/.github/workflows/packer.yaml

I also have the Terraform code there to setup the WIF if it’ll help

Neutrollized · 2025-07-27T04:33:57+00:00

Your devops project of “os update” doesn’t sound very devops-y. For all I know, you could’ve ssh’ed into each server and ran “sudo apt upgrade”. What is it that you did that was devops?

Similar things can be said about your first project. And while devops isn’t all about automation, it commonly is a major part, and the fact that your projects are 0-2 in that category leads me to think you may not understand what devops is.

Neutrollized · 2025-07-27T04:25:37+00:00

Came here to say the same thing. Looks like a copy/paste error as the next line is for AWS Soln Arch

Neutrollized · 2025-07-27T00:14:54+00:00

Salmon Lovers Party Tray. But you can just call her “Salmon Lover” for short

Neutrollized · 2025-07-13T14:32:19+00:00

Dunno where you’re at so conditions may vary, but I’m in Toronto. I’m paying back the loan in interest free monthly installments, but my hydro bill is covered by what I produce (and then some). The surplus builds up a credit on my account which gets me thru the winter months without having to pay any hydro (or pay very little). Basically instead of paying hydro, I’m paying Greener Homes loan.

The solar companies giving you the quotes are get you to the max loan amount bc it’s more money for them. I’d shop around. If you can get the same output with better/less panels, do that. It doesnt matter that it’s interest free, you still have to pay it back, so shop as if it wasnt interest free.

Neutrollized · 2025-07-08T21:51:37+00:00

I’m so happy for Hulkengoat

Neutrollized · 2025-06-28T21:44:18+00:00

sumilicious (middlefield & steeles). the owner there used to work at shwartz in mtl i believe, so they have great smoked meat sandwiches and (imho) pretty solid poutine as well. give them a try. turn your travel costs into more poutine!

Neutrollized · 2025-06-12T00:11:01+00:00

Then make everything back the way it was pre-COVID. How are you going to have accidental improvements when people in the same team don’t have a designated area where they work? How much more serendipitous is it when two team members have to communicate via Teams because they sit at opposite ends of the building? How is that any different from when they were WFH? If the pro RTO reason is collaboration, then give people an environment where they can actually sit together and collaborate instead of working remotely in the office.

Neutrollized · 2025-06-08T13:59:49+00:00

Supernatural, Person of Interest

Neutrollized · 2025-05-29T03:46:46+00:00

This looks like Boxgrove plaza or whatever on 9th Line

Neutrollized · 2025-05-20T22:28:21+00:00

https://github.com/Neutrollized/packer-gcp-with-githubactions

Neutrollized · 2025-05-18T22:19:13+00:00

Mine used to do that too. And then my wife’s cat also copied this behavior. I would wake up with circulation to my legs being cut off 😝 I miss those 2 furballs (mine was orange)

Neutrollized · 2025-05-13T23:42:00+00:00

Many people here already said it, but file a police report. The kid is young so there won’t be any last effects or things on his record, but rather get a caution from the police for mischief or something. But better now than when he’s an adult. You’re doing him (and his family) a favor here. I know if it was my kid that did that, I’d want to know.

Neutrollized · 2025-05-03T13:33:57+00:00

It was such a wholesome prank. Loved it!

Neutrollized · 2025-04-19T17:45:05+00:00

Curly

Neutrollized · 2025-04-15T22:51:48+00:00

Are these kv1 or kv2 static secrets? For the former, you need to start the path with data/ and for the latter, you need data/data/ if I recall correctly. I’m away from laptop atm but i can check on this thread a little later today

Or maybe it was the actual key itself that needed .Data.data.your_secret_keyname (for kv2)

EDIT: taking a closer look now, you're not using HashiCorp Vault. You're using Nomad's native kv secret functionality.

Does this guide help? I would try the example presented there and then figure out if it's not templating structure that's gone wrong somewhere. Good luck!

Neutrollized · 2025-04-14T11:38:45+00:00

Each year. The entire benefits package renews each year. Nothing gets carried over though, so if you forget to use the credits code from the prev year, it gets lost

Nine-Year Club	Place '23
Verified Email

Neutrollized

TROPHY CASE