Optimizing SQLite for servers

TL;DR PRAGMA journal_mode = WAL; PRAGMA busy_timeout = 5000; PRAGMA synchronous = NORMAL; PRAGMA cache_size = 1000000000; PRAGMA foreign_keys = true; PRAGMA temp_store = memory; Read the full article: https://kerkour.com/sqlite-for-servers

<span title='2024-04-17 00:00:01 +0000 UTC'>April 17, 2024</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;JC

Ansible passbolt lookup plugin, practical examples

Last past year, I created an ansible lookup plugin for passbolt, which allow you to use passbolt as an alternative to ansible-vault to store your secrets. You can read a very complete blog post about this on passbolt offical blog. We will start this blog post with a practical example by setup a MySQL database and user with ansible and store the user password in passbolt. Let’s go. Requirements A vanilla Ubuntu server on which you will setup the MySQL database You are able to make sudo commands on this server without password A working passbolt instance Your passbolt recovery kit, aka your private GPG key You are able to connect to your server with ansible ansible -m ping your-server your-server | SUCCESS => { "changed": false, "ping": "pong" } Setup passbolt ansible lookup plugin You can install the lookup plugin with this command:...

<span title='2023-09-03 00:00:01 +0000 UTC'>September 3, 2023</span>&nbsp;·&nbsp;4 min&nbsp;·&nbsp;JC

How to use ansible vault in python scripts

Sometimes, you need to encrypt data such as passwords, API tokens, etc. in your python scripts to be able to share them securely. ansible-vault is not only for ansible, you can use it in your python scripts too: #!/usr/bin/env python import os from ansible.constants import DEFAULT_VAULT_ID_MATCH from ansible.parsing.vault import VaultLib, VaultSecret vaulted_data = """$ANSIBLE_VAULT;1.2;AES256;main 65616638393834613334623633383233326465623863613531636463636636383532313538643832 3335333637363138663630663336333163326238323235610a343730666335346361633939333335 63306165323239636530366463626632613138666663373735626531386361303063613932373830 3136306435666131390a643434643836366135336662376538633861633637613663633962346565 34613966353462306134636537306636346662383932353332373636643633633061 """ vault_pass = open('{}/.vault_pass'.format(os.environ.get('HOME'))).read().strip().encode('utf-8') vault = VaultLib([ (DEFAULT_VAULT_ID_MATCH, VaultSecret(vault_pass)) ]) cleartext_data = vault....

<span title='2023-09-03 00:00:01 +0000 UTC'>September 3, 2023</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;JC

Ansible: hide sensitive content with a callback plugin

We will see today how to use an Ansible callback plugin to hide sensitive data from ansible-playbook output. Example playbook Let’s say you need to create some MySQL databases with ansible, you will propably write a playbook like the one below, and protect your passwords with ansible-vault: --- - hosts: mysql-server gather_facts: no become: true vars: databases: - name: foo password: !vault | $ANSIBLE_VAULT;1.2;AES256;main 37666232623836363831383162313333376436616662396334313033626663383239366266323334 3665363939326132333261633165326561313262613634320a363036646533333530663434303764 33666138343666363832303930653031646265366165656564646166393736326435356666366139 3362363331396464370a373437306232353039323861303931386630316533323538336166353332 65313538623561353461383539303265323336636465396264326230623663386439 - name: bar password: !...

<span title='2023-09-01 00:00:01 +0000 UTC'>September 1, 2023</span>&nbsp;·&nbsp;4 min&nbsp;·&nbsp;JC

Hashicorp Vault et secrets dynamiques par ChatGPT

Voici quelques questions que j’ai posées à ChatGPT. A quoi ça sert d’utiliser la fonctionnalité de secrets dynamiques de Hashicorp Vault pour une base de données si on a le token qui permet de générer les mots de passe ? Les secrets dynamiques de HashiCorp Vault permettent de générer des identifiants et des mots de passe temporaires pour des bases de données. Cette fonctionnalité est utile dans les environnements où il est nécessaire de limiter l’accès aux ressources à des utilisateurs ou à des applications spécifiques et pour une durée limitée....

<span title='2023-04-15 00:00:01 +0000 UTC'>April 15, 2023</span>&nbsp;·&nbsp;4 min&nbsp;·&nbsp;JC