The latest articles on DEV Community by Claus Guttesen (@cguttesen). https://dev.to/cguttesen https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2570591%2Fdc26ced8-a07a-4ba1-8410-6945fbf52818.png https://dev.to/cguttesen en Claus Guttesen Thu, 15 May 2025 16:59:06 +0000 https://dev.to/cguttesen/a-git-like-tool-to-keep-track-of-configuration-files-490b https://dev.to/cguttesen/a-git-like-tool-to-keep-track-of-configuration-files-490b <h1> Kitty - A secure, encryption-focused configuration management tool written in Rust </h1> <p>I built Kitty to solve a problem I faced while managing configuration files across servers: I wanted Git-like tracking for system config files, but with built-in encryption and the ability to keep files in their original locations.</p> <p><strong>What is Kitty?</strong></p> <ul> <li>Secure configuration management tool with Git-like commands</li> <li>Files remain in their original locations (no need to symlink like with dotfiles managers)</li> <li>All stored content is encrypted with ChaCha20-Poly1305</li> <li>Password-protected repository access</li> <li>Choose between file-based or SQLite storage</li> <li>Works with system files that might require elevated privileges</li> </ul> <p><strong>Core features:</strong></p> <ul> <li>Track, version, and restore configuration files</li> <li>See differences between tracked and current versions</li> <li>Filter and group tracked files</li> <li>Restore previous versions when needed</li> <li>Privilege handling for system files</li> </ul> <p>Kitty is designed for sysadmins, DevOps engineers, and anyone who wants to securely track configuration files without moving them into a Git repository.</p> <p>The project is open source and written in Rust. It focuses on security first, with all sensitive content encrypted, making it suitable for tracking credentials and other sensitive configurations.</p> <p>GitHub repo: <a href="https://github.com/kometen/kitty" rel="noopener noreferrer">https://github.com/kometen/kitty</a></p> <p>I'd love feedback from the HN community, especially on the security model and additional features that would be useful for your configuration management workflow.</p> rust management programming cli Claus Guttesen Thu, 27 Mar 2025 16:51:51 +0000 https://dev.to/cguttesen/encrypt-messages-on-device-and-share-using-a-link-1gk5 https://dev.to/cguttesen/encrypt-messages-on-device-and-share-using-a-link-1gk5 <p>I wrote a webapplication with great help from Claude AI, where you can create a message, have it encrypted, upload the encrypted message to a server, share a link and decrypt it using a key downloaded to your device.</p> <p>Decrypting messages can be done without registering an account. Encrypting messages requires a registration. A profile is registered at Bitwarden, and a passkey is registered on your device. I can't read the profile at Bitwarden, apart from a random uuid.</p> <p>Write a message (optional):<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmi30a15tee2gehigdodq.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmi30a15tee2gehigdodq.png" alt="Write message" width="700" height="454"></a></p> <p>Encrypt in browser, store encrypted message on server, and download key (optional).<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftdwig0koypc9l54wcl4w.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftdwig0koypc9l54wcl4w.png" alt="Encrypt and download key" width="700" height="454"></a></p> <p>Decrypt message with key.<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbz3qruw92zb1war73xdz.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbz3qruw92zb1war73xdz.png" alt="Descrypt message" width="700" height="454"></a></p> <p>The code is available at <a href="https://github.com/kometen/rocket-ssr" rel="noopener noreferrer">https://github.com/kometen/rocket-ssr</a>. An example can be opened at <a href="https://obscura.bsky.dk/message/gKSxqMBjzj1Su0QAViN6zg" rel="noopener noreferrer">https://obscura.bsky.dk/message/gKSxqMBjzj1Su0QAViN6zg</a>. Use the key <code>sSjMGidFJzDuG6h2LNsxBHGr/dwgIoP+CWAOGgxRXZ8=</code> to decrypt it.</p> <p>Enjoy.</p> <p>It is build using the Rust based Rocket framework, Bitwardens passwordless service. And the example is based on <a href="https://github.com/davidzr/passwordless-rust" rel="noopener noreferrer">https://github.com/davidzr/passwordless-rust</a>.</p> encrypt rust passwordless passkey Claus Guttesen Sat, 14 Dec 2024 17:54:44 +0000 https://dev.to/cguttesen/dns-load-balancing-4jpb https://dev.to/cguttesen/dns-load-balancing-4jpb <p>If you sometimes need to use a DNS-server in kubernetes at work you can add this to your network-settings. But reconfiguring the settings can be tedious.</p> <p>I wrote a DNS-forwarder that could talk to one or more public DNS-servers and the kubernetes DNS-server, and let it handle the rest. This way I always have a working DNS-resolution even if not all DNS-servers are reachable. The DNS-load-balancer can be found at <a href="https://github.com/kometen/dns-load-balancer/" rel="noopener noreferrer">https://github.com/kometen/dns-load-balancer/</a>.</p> <p>As an example here is my config.toml:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$ cat /usr/local/etc/dns-load-balancer/config.toml [[servers]] address = "1.1.1.1" use_tls = true description = "Cloudflare DNS" [[servers]] address = "8.8.8.8" use_tls = true description = "Google DNS" [[servers]] address = "10.152.183.10" use_tls = false description = "Kubernetes DNS" </code></pre> </div> <p>When the Wireguard VPN-tunnel is not connected to the kubernetes-cluster:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$ host postgresql.invoice.svc.cluster.local DNS resolution failed: Failed to resolve hostname: postgresql.invoice.svc.cluster.local. Root cause: no record found for Query { name: Name("postgresql.invoice.svc.cluster.local."), query_type: AAAA, query_class: IN } Error: Failed to resolve hostname: postgresql.invoice.svc.cluster.local. Caused by: no record found for Query { name: Name("postgresql.invoice.svc.cluster.local."), query_type: AAAA, query_class: IN } </code></pre> </div> <p>When connected:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$ host postgresql.invoice.svc.cluster.local postgresql.invoice.svc.cluster.local has address 10.152.183.95 </code></pre> </div> <p>Had I configured the Kubernetes DNS as the only DNS-server, either in network-settings or in config.toml no nameresolution would take place. By adding Cloudflare and Google nameresolution will usually work and only fail if the Wireguard VPN is not connected and I query for services in Kubernetes.</p> rust dns network webdev