DEV Community: Khai J. Thani

Move hardcoded secrets to a Secrets Manager

Khai J. Thani — Sun, 13 Oct 2024 14:23:07 +0000

A secrets manager is a tool for storing and managing your passwords, API keys, database credentials and other types of sensitive data your application requires.

Secrets hard-coded in application source codes or stored in plain text files for your codes to consume can be exploited by malicious entities who can inspect the applications or the components in your system. This risk can be mitigated with secrets managers.

dotenv-vault

dotenv-vault is one such secrets manager that provides a safer alternative to putting your secrets in code.

[!Note]
This is not a tutorial on using dotenv-vault. The aim of this document is to describe how a secrets manager can help developers avoid hard-coding secrets or storing them in plain text files. You can learn how to get started with dotenv-vault here.

Let's say I have sensitive information about a particular character in the movie Star Wars: Episode V and I want my program to use that information.

def spoiler():
    spoiler = "Darth Vader is Luke Skywalker's father"
    return { "spoiler": spoiler }

Instead of hard-coding the information, I would write it as an environment variable in the .env file:

SPOILER="Darth Vader is Luke Skywalker's father"

With dotenv-vault, my program is able to access the sensitive information by using the environment variable.

import os
from dotenv_vault import load_dotenv

load_dotenv() # Take environment variables from .env

def spoiler():
    spoiler = os.getenv("SPOILER") # Get the secret
    return { "spoiler": spoiler }

Then I encrypt the environment variable by syncing the .env file. Once the syncing is completed, a data known as DOTENV_KEY can be generated. This output can be read by my program as an environment variable in production.

DOTENV_KEY='dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=production' python main.py

As a result, my production application is able to access the secret.

{ "spoiler": "Darth Vader is Luke Skywalker's father" }

Choose the right Secrets Manager for you

There is a variety of secrets management solutions available. Each secrets manager comes with its own set of pros and cons. Choose the option that best fits your organization's requirements.

List of alternative Secrets Managers:

Neo4j basics

Khai J. Thani — Sat, 02 Apr 2022 02:32:35 +0000

What is a graph?

A graph is a set of objects in which some pairs of the objects are connected. The objects are known as nodes and the connections are known as relationships. With these two elements, we can solve real-world problems by creating or inferring connections between objects. We can also create predictions given the strength of the connections.

How are graphs structured?

In an undirected graph, the relationships are bi-directional or symmetric; in a directed graph, the relationships have one direction.

In a weighted graph, the relationships carry measurable values such as cost, time, distance or priority.

The structure of a graph enables traversal. The process consists of following the relationships. With Neo4j's Cypher query language, relationships are not be followed multiple times.

Some common use-cases for graphs

E-commerce and real-time recommendations:
Recommendations like "People who bought {Product X} also bought…" can be generated by having a proportion of the graph be traversed. In this example, you traverse from one Product node to the Persons nodes who have purchased that product and then to the subsequent Products nodes that they have bought.
Investigative journalism:
The graph known as Panana Papers was created to identify possible corruption based upon the relationships between people, companies, and most importantly financial institutions.
Network and IT operations:
A typical graph would describe how information flows through a system and how components of a network are related
Transportation and logistics:
A typical graph would describe how locations are related and the distances between them

Access the full details of Delivery Status Notification (Failure) messages from Amazon SES

Khai J. Thani — Wed, 20 Jan 2021 11:05:03 +0000

We received a message from Amazon SES notifying us an error had occurred while trying to deliver an email to a recipient:

From: <MAILER-DAEMON@amazonses.com>
Date: Tue, Dec 15, 2020, 3:33 PM
Subject: Delivery Status Notification (Failure)
To: My Company <abc@example.com>

An error occurred while trying to deliver the mail to the following recipients:
johndoe@****de.com

At first glance, it seems that no causes of the errors are specified in the email, but that is not the case. You can access hidden information by downloading the original message. You will get an .eml file, and it will contain info. such as the following:

Action: failed
Final-Recipient: ******; johndoe@****de.com
Diagnostic-Code: blah blah blah Message expired: unable to deliver in 840 minutes.<The email account that you tried to reach is over quota. blah blah blah

In this case, the recipient’s inbox was full it could not receive the email.