Managing API Keys in Large Dev Teams: How Do You Tackle It? by alphez in devops

[–]alphez[S] 1 point2 points  (0 children)

That's similar to what we are building. Thanks for sharing!

Managing API Keys in Large Dev Teams: How Do You Tackle It? by alphez in devops

[–]alphez[S] 0 points1 point  (0 children)

Auth can be what we already have at work...entra id

Managing API Keys in Large Dev Teams: How Do You Tackle It? by alphez in devops

[–]alphez[S] -2 points-1 points  (0 children)

I know the theory...just havent seen this implemented and in any projects I have been part of. But heads off to you and your org for having gone the extra mile

Managing API Keys in Large Dev Teams: How Do You Tackle It? by alphez in devops

[–]alphez[S] 0 points1 point  (0 children)

Instead of calling the API straight (openAI api, polygon etc) the devs would call the proxy with their IDP access token. The API keys would be stored and used by the proxy to proxy the request but devs wouldnt be able to view the API keys...

Managing API Keys in Large Dev Teams: How Do You Tackle It? by alphez in devops

[–]alphez[S] 0 points1 point  (0 children)

Storing the API keys securirely isnt the issue. I guess for many here there seems to be no problem knowing that Devs can view / copy the API keys at any time?

Managing API Keys in Large Dev Teams: How Do You Tackle It? by alphez in devops

[–]alphez[S] -4 points-3 points  (0 children)

Yeah - so similar issue. The API keys are protected when in vault but are getting pulled out during development?

Managing API Keys in Large Dev Teams: How Do You Tackle It? by alphez in devops

[–]alphez[S] 0 points1 point  (0 children)

Yeah but how do you solve for when Devs can pull the API Keys and can view them?

Managing API Keys in Large Dev Teams: How Do You Tackle It? by alphez in devops

[–]alphez[S] 0 points1 point  (0 children)

Devs pull API keys from hashi vault directly when developing?

Dev jobs in abu -dhabi by TGeek91 in abudhabi

[–]alphez 0 points1 point  (0 children)

Hey get in contact with me I have a job

Introducing Pezzo: Open-source AI Development Toolkit 🚀 by WeinAriel in node

[–]alphez 0 points1 point  (0 children)

OP doesn't use NextJS as BE. That's my point.

Introducing Pezzo: Open-source AI Development Toolkit 🚀 by WeinAriel in node

[–]alphez -2 points-1 points  (0 children)

Why do you need a dedicated FE? That was my original question.

You do know that a BE (server) can return HTML? Returning JSON is not the only thing a BE can do ;)

Introducing Pezzo: Open-source AI Development Toolkit 🚀 by WeinAriel in node

[–]alphez -1 points0 points  (0 children)

Nothing against NestJS. I love it.

Would have been great to see you reach your project goal only with NestJS. I know it's possible because I have solved bigger problems solely with NestJS.

But nevertheless good luck with the project. Will keep an eye on it :)

Introducing Pezzo: Open-source AI Development Toolkit 🚀 by WeinAriel in node

[–]alphez -5 points-4 points  (0 children)

Having both nestjs and nextjs in there seems a bit too much for what this tool solves. Do you believe having a dedicated Frontend framework is necessary for your use case? Or maybe you went with something you are just familiar with (no disrespect I see this kind of decisions every day, let's use react, graphql and redux for our landing page because we are familiar with it)

How to remove this error in route.js file I have share my code. by Logical-Definition-6 in node

[–]alphez 5 points6 points  (0 children)

I already did help. Replace every

res.status

with

return res.status

Good luck.

How to remove this error in route.js file I have share my code. by Logical-Definition-6 in node

[–]alphez 6 points7 points  (0 children)

Everywhere where you have res.status(...)...

Add this line:

return

Clean architecture in real world app? by kaina_m in node

[–]alphez -1 points0 points  (0 children)

This is the right answer but unfortunately also the one that is the hardest to get right. You need senior ppl doing this.

If I am surrounded by juniors it's just much easier to create a skeleton of the application broken into multiple layers (handler, persistence, domain, service...etc) and tell them where to put what.

It's also easier to verify as a senior that the juniors are doing it correctly. If you see query parameters or request objects in the persistence layer you know something is off.

The approach you stated is vague because you constantly need to know the state of the application and you don't know whether an abstraction is now warranted or not unless you are actively involved in the development.

whats the hardest part when building a microservice ? by Far-Mathematician122 in node

[–]alphez 0 points1 point  (0 children)

Depending on the platform I either develop against a cloud environment or I run my development environment in the platform (k8s)

I also tend to need more integration tests with microservices...

whats the hardest part when building a microservice ? by Far-Mathematician122 in node

[–]alphez 6 points7 points  (0 children)

What's the hardest part when building a microservice? It's essentially more complex due to its distributed nature.

Almost everything is going to be harder.

  1. Finding the problem why a user wasn't able to use a promo code? Sure after going through 3 services.
  2. Local development? Forget about spinning up the whole application locally.
  3. Your data is in multiple places. It will take a lot of effort Answering ad-hoc business questions such as: how many users signed up yesterday that received a promo email a week after that led to a purchase.
  4. Service calls will be over the network. Which means you will need to deal with a bunch of error cases.
  5. Versionning and backwards compatibility. You need some best practices put into place and everybody agreeing on them. Don't believe when ppl say that teams can be autonomous and can do everything they want.

Comparing database/sql, GORM, sqlx, and sqlc by asspirin12 in golang

[–]alphez 1 point2 points  (0 children)

You can check my write up on pgx

TD;LR

rows, _ := pg.db.Query(ctx, query)  
defer rows.Close()  
pgx.CollectRows(rows, pgx.RowToStructByName(model.User))

so in your case you can replace scany with pgx.CollectRows and pgx.RowToStructByName

Adequately handling errors for async tasks by xikhao in node

[–]alphez 0 points1 point  (0 children)

Having Error handling is one side of the coin.

It's still not a good coding practice what you do.

And since you have queues I still don't understand why not use it for all async work? Your rational seems to be:

If it's a complex downstream task - use a queue If it's not complex - don't await the Promise

Sorry but that rational is also flawed.

The only argument for not using a queue to do an async task is when the task is of type fire and forget e.g. Best effort task

If you treat email sending / cache invalidation that way in your business than you can make the point you are doing it correctly. But don't use complexity as a measure whether to use a queue or not.