nonbei alley

Home

Articles
About
- Feedbox
Catalog

github.com/salrashid123

rss

Built with from Grav and Hugo

just sal's blog > Catalog

Catalog

2022-01-07

All articles

2022-11-30 | Propagating SSO SAML Attributes to IAP Protected application
2022-11-21 | Restricting GCP API calls with X-Goog-Allowed-Resources header using Envoy and Squid
2022-11-16 | Building go applications using Google Cloud Build private go modules in Google Artifact Registry
2022-10-25 | Proxyless gRPC with Google Traffic Director
2022-10-22 | Container Signing with Cosign and TPM PKCS-11
2022-10-21 | Envoy External Processing filter for decoding Google gRPC PubSub Messages
2022-10-20 | Envoy Dynamic Forward Proxy configuration with Downstream SNI for Google APIs and httpbin
2022-10-19 | Using docker SDK to launch a container from a container
2022-10-19 | Decoding gRPC Messages using Envoy
2022-10-10 | mTLS using GCP KMS Keys
2022-09-26 | Deterministic container hashes and container signing using Cosign, Bazel and Google Cloud Build
2022-09-13 | Security Token Service (STS) Credentials for HTTP and gRPC (rfc8693)
2022-08-26 | Using Google Cloud Workforce Identity Federation with SAML
2022-08-20 | Feedbox
2022-08-12 | KMS, TPM and HSM based Azure Certificate Credentials
2022-08-11 | golang-jwt using arbitrary crypto.Signer
2022-08-11 | Federate Google Cloud OIDC tokens for Azure Access Tokens
2022-08-11 | Federate Google Cloud OIDC tokens for AWS Access Tokens
2022-07-08 | BigQuery Write API using protobuf
2022-06-26 | Bring your own Key for BigQuery SQL column-level encryption
2022-06-10 | AEAD Encryption with BQ Remote Functions
2022-06-08 | Managing and Restricting Google API KEYS programmatically
2022-06-08 | Basic Math with BigQuery Remote Functions using Homomorphic Encryption
2022-06-06 | Creating and using gRPC HealthCheck encoded wireformat with curl
2022-05-27 | gRPC Unary requests the hard way: using protorefelect, dynamicpb and wire-encoding to send messages
2022-05-23 | Envoy GCP Authentication Filter with Application Layer Transport Security (ALTS)
2022-05-18 | Authorization Control using OpenPolicy Agent and Google Groups
2022-05-16 | Search Transitive Group Membership using Google Cloud Identity
2022-05-12 | Realtime GCP assets and access monitoring using Cloud Asset Monitor and Cloud Log Streaming
2022-05-12 | GCP Service Account Last usage auditing using Golang
2022-05-01 | Distributed HTTP Proxy on Google Cloud using Terraform
2022-04-28 | Google Workspace as Identity Provider for your SAML Application
2022-04-26 | GCP Workload Identity Federation using SAML
2022-04-22 | Issuing Service Account Self-Signed JWTs on AppEngine, GCE, Cloud Run and Cloud Functions
2022-04-20 | Exempting Application Default Credentials for Google MFA Reauth
2022-04-11 | Hashicorp Vault Identity Provider with Google Workload Identity Federation
2022-04-01 | Concentric IAMCredentials Permissions: The secret life of signBlob
2022-03-30 | GCP Cloud Status Dashboard Public Dataset
2022-03-21 | Browser WebAssembly with Google Storage golang client library
2022-03-21 | Browser WebAssembly with golang http client
2022-03-20 | Decoding WireGuard with WireShark
2022-03-18 | Limiting file-size and Content using GCS SignedURL v4
2022-03-17 | Extend GCP ServiceAccount access_token upto 12 hours
2022-03-13 | Using stickfigures to show how Google Credentials work
2022-03-13 | Google Cloud Storage client-side Stream encryption with gsutil and TINK
2022-03-11 | BlobZapper: Deleting 1M files on GCS in 20mins
2022-03-07 | Using Google Cloud IAM Deny
2022-02-28 | BigQuery Remote Functions in Go
2022-02-21 | Federating Firebase to Google Cloud APIs
2022-02-16 | Cloud Build Authentication to Cloud Run, Cloud Functions, IAP
2022-02-11 | Authenticating using Workload Identity Federation to Cloud Run, Cloud Functions
2022-02-09 | Cloud Run Eventarc using Cloud Events SDK
2022-02-09 | Cloud Events end-to-end envelope encryption extension
2022-01-29 | Identifying which IAM Permissions an end-user has on a resource in Google Cloud
2022-01-25 | Override default Service Accounts for Google AppEngine Standard
2022-01-23 | Decoding gRPC messages over TLS using eBPF
2022-01-20 | Kernel TLS with Openssl and Nginx
2022-01-14 | Simple math using WebAssembly and Homomorphic Encryption
2022-01-13 | BigQuery Client-side Encryption using AEAD
2022-01-07 | Monitoring GCP API Latency locally using Envoy
2022-01-01 | Certificate Bound Tokens using Security Token Exchange Server (STS)
2021-12-26 | QUIC HTTP/3 with nginx, envoy and curl
2021-12-24 | gRPC Web and gRPC Transcoding with Envoy
2021-12-22 | Understanding workload identity federation
2021-12-22 | Google Cloud VPC-SC basic ingress and egress rules
2021-12-22 | Demonstrating HMAC SHA256 keysize limits with openssl
2021-12-16 | Cross Project Service Accounts on Google Cloud
2021-12-15 | GCP Developers Missing Manual
2021-12-15 | Impersonation and Domain Wide Delegation with Google Cloud Client Libraries
2021-12-15 | Trace and Transport logs for Google Cloud Client Libraries
2021-12-15 | Pagination with Google Cloud Client Libraries
2021-12-15 | Override Trust certificates for TLS for Google Cloud Client Libraries
2021-12-15 | Override Request Initializers/Interceptors for Google Cloud Client Libraries
2021-12-15 | Measure API request latency with Google Cloud Client Libraries
2021-12-15 | Managing Long Running Operations (LRO) with Google Cloud Client Libraries
2021-12-15 | Google Cloud Storage SignedURL with Cloud Run, Cloud Functions and GCE VMs
2021-12-15 | Exponential Backoff and Retry for Google Cloud Client Libraries
2021-12-15 | Exception Handling for Google Cloud Client Libraries
2021-12-15 | Comparing Cloud Client vs GoogleAPI Libraries
2021-12-15 | Using proxy servers with Google Cloud Client Libraries
2021-12-15 | Using JWT AccessTokens with Google Cloud Client Libraries
2021-12-15 | Using Google Cloud SDK Emulators
2021-12-15 | Using FieldMask for Google Cloud Client Libraries
2021-12-15 | Using Custom Standard HTTP headers for Google Cloud Client Libraries
2021-12-14 | nginx with TPM based SSL
2021-12-14 | Envoy Oauth2 Filter
2021-11-28 | Using Wireshark to decrypt TLS gRPC Client-Server protobuf messages
2021-11-28 | golang-jwt library for Yubikey
2021-11-28 | golang-jwt library for Trusted Platform Module (TPM)
2021-11-28 | golang-jwt library for PKCS11
2021-11-18 | Using ImpersonatedCredentials for Google Cloud APIs and IDTokens
2021-11-18 | IoT Core Authentication with Trusted Platform Module (TPM)
2021-10-11 | GCP Quota and Cost Distribution between Projects
2021-09-28 | OpenSSL 3.0.0 docker with TLS trace enabled
2021-09-17 | Embedding AWS_SECRET_ACCESS_KEY into Trusted Platform Modules, PKCS-11 devices, Hashicorp Vault and KMS wrapped TINK Keyset
2021-09-08 | Kubernetes xDS service for gRPC loadbalancing
2021-08-18 | TPM Remote Attestation protocol using go-tpm and gRPC
2021-08-13 | Terraform Provider for HTTP mTLS and POST Dataources
2021-08-13 | Importing and extracting external keys for BigQuery AEAD Tink KeySets
2021-08-12 | Time limited, auto-expiring group memberships for users on Google Cloud
2021-08-11 | Google Cloud IAM Roles-Permissions Public Dataset
2021-08-09 | Using Kubernetes Service Accounts for Google Workload Identity Federation
2021-08-04 | Request Annotation with Cloud Audit Logging and Monitoring on GCP
2021-08-04 | GCP API Gateway with gRPC
2021-08-02 | GCS signedURLs and GCP Authentication with Trusted Platform Module
2021-06-04 | Envoy TAP filter for gRPC
2021-04-22 | Recaptcha Helloworld
2021-03-31 | Envoy External Processing Filter
2021-02-18 | Secure Boot with Debian 10 and QEMU
2021-01-29 | GKE Structured log with in go with glog and logsrus
2021-01-12 | gRPC per method observability with envoy, Istio, OpenCensus and GKE
2021-01-12 | gcloud alias for Application Default Credentials
2020-12-20 | Envoy WASM with external gRPC server
2020-12-20 | Envoy WASM and LUA filters for Certificate Bound Tokens
2020-12-12 | Envoy mTLS
2020-11-20 | mTLS with TPM bound private key
2020-11-10 | Rclone Storage bucket sync using Cloud Scheduler and Cloud Run
2020-11-04 | Serverless Security Token Exchange Server(STS) and gRPC STS credentials
2020-11-04 | gRPC ALTS HelloWorld
2020-11-04 | GCP Workload Identity Federation using OIDC Credentials
2020-11-04 | GCP Workload Identity Federation using AWS Credentials
2020-11-01 | XML parsing with BigQuery UDF
2020-09-03 | Create your own CA, Subordinate, CRL, SNI
2020-08-22 | Simple RideSharing helloworld with Homomorphic Encryption
2020-08-14 | Deterministic builds with go + bazel + grpc + docker
2020-07-31 | Using Terraform Cloud Webhook with Google Cloud Logging
2020-07-31 | BigQuery UDF Marshall/Unmarshall Protocolbuffers
2020-07-20 | Vault Secrets for GCP Credential Access Boundary and Impersonation
2020-07-20 | Sending logs directly to GCS using Cloud Logging fluentd
2020-07-20 | BigQuery HMAC-SHA256 User-defined Function
2020-05-10 | Firebase Storage and Authorization Rules engine 'helloworld'
2020-05-06 | gRPC xDS Loadbalancing
2020-05-06 | Docker daemon mTLS with Trusted Platform Module
2020-04-20 | Untrusted Multiparty Compute using GCP VMs with Trusted Platform Modules
2020-04-10 | Docker mTLS ACLs with Open Policy Agent
2020-04-02 | Mounting LUKS encrypted Disks using Google Secrets Manager
2020-03-24 | External Authorization Server with Istio
2020-03-02 | Using Credential Access Boundary (DownScoped) Tokens
2020-03-02 | GPG Stream Encryption for Google Storage in golang by chaining Pipes
2020-02-21 | GPG Stream Encryption in golang by chaining Pipes
2020-02-19 | Importing SHA hashed passwords into Firebase and Identity Platform
2020-02-17 | Easy GSuites Domain-Wide Delegation (DwD) in Java
2020-02-03 | Redis with Envoy
2020-02-03 | Knative cli with Cloud Run (managed)
2020-01-20 | Mounting CSEK protected disk with LUKS encryption on Google Compute Engine
2020-01-10 | Squid proxy cluster with ssl_bump on Google Cloud
2020-01-08 | mTLS using Hashcorp Vault's PKI Secrets
2020-01-08 | Knative Traffic Splitting
2020-01-06 | Google Cloud KMS based Service Accounts for Authentication and SignedURLs
2019-12-24 | TPM2-TSS-Engine hello world and Google Cloud Authentication
2019-12-24 | Simple distributed tracing with OpenTracing and Stackdriver
2019-12-22 | GCS SignedURL with Google AppEngine Standard (1st gen)
2019-11-28 | Yet another image file converter on GCP
2019-11-22 | Kubernetes RBAC with Google Cloud Identity Platform/Firebase Tokens
2019-11-09 | Envoy External Authorization server (envoy.ext_authz) with OPA HelloWorld
2019-11-09 | crypto.Signer, implementations for Google Cloud KMS and Trusted Platform Modules
2019-11-08 | Managing Kubernetes CustomResourceDefinitions with Google Deployment Manager
2019-11-06 | gRPC Authentication with Cloud Run
2019-11-04 | How to embed SSH private keys into a Yubikey or TPM
2019-09-24 | Vault Kubernetes Auth with Minikube
2019-09-24 | Vault auth and secrets on GCP
2019-09-24 | Using Google's Client Library Generation system
2019-09-24 | Anti Virus file scanning on Google Cloud Storage using ClamAV
2019-08-24 | Accessing Google Cloud Storage using AWS SDK and OAuth2
2019-08-24 | A simple HTTP Proxy for gRPC HealthChecks
2019-08-22 | YubiKey TokenSource
2019-08-22 | Envoy Global rate limiting helloworld
2019-08-19 | Using Stackdriver* with golang on Istio
2019-08-14 | gRPC Authentication with Google OpenID Connect tokens
2019-07-19 | Authenticating using Google OpenID Connect Tokens
2019-06-10 | Calling Cloud Composer to Cloud Functions and back again, securely
2019-05-20 | Automatic OIDC: Using Cloud Scheduler, Tasks, and PubSub to securely call Cloud Run, Cloud Functions
2019-05-20 | Automatic oauth2: Using Cloud Scheduler and Tasks to call Google APIs
2019-05-19 | Google Container Registry statistics from GCS access_logs
2019-05-14 | Google Cloud Trace context propagation and metrics graphs with Grafana+Prometheus and Stackdriver
2019-04-29 | Upload/Download files from a browser with GCS Signed URLs and Signed Policy Documents
2019-04-29 | Terraform “Assume Role” and service Account impersonation on Google Cloud
2019-04-29 | IAP access to GCP and On-prem systems using Identity Platform
2019-04-29 | GPG stream encryption and decryption on Google Cloud Functions and Cloud Run
2019-03-12 | Fluentd filter plugin for Google Cloud Data Loss Prevention API
2019-03-06 | Writing Developer logs with Google Cloud Logging
2019-03-05 | Creating a simple Debian installer
2019-02-11 | Istio gRPC Loadbalancing with GCP Internal LoadBalancer (ILB)
2019-02-03 | Setting up SAML for Google Cloud Identity for Customers and Partners (CICP)
2019-02-03 | Envoy, Nginx, Apache HTTP Structured Logging with Google Cloud Logging
2019-02-03 | Envoy http/tcp Parser Plugin for Fluentd
2018-11-21 | Using ImpersonatedCredentials for Google Cloud APIs
2018-11-05 | Message Encryption with Dataflow PubSub Stream Processing
2018-09-19 | gRPC over browser Javascript: Using gRPC-Web on Google Kubernetes Engine Ingress
2018-08-28 | Representing Gsuites and Google Cloud Org structure as a Graph Database
2018-08-28 | Faster and more Reliable ServiceAccount authentication for Google Cloud Platform APIs
2018-08-03 | GKE gRPC Ingress LoadBalancing
2018-08-03 | GCS HMAC SignedURL
2018-07-18 | Using collectd ping plugin to monitor VM->VM latency with Google Stackdriver
2018-07-09 | GCS Signed URL with Customer Supplied Encryption Key
2018-06-26 | Single Page webapp using GKE, App Engine, Google Cloud Endpoints and Identity Aware Proxy
2018-06-20 | auditd agent config for Stackdriver Logging
2018-06-14 | Envoy for Google Cloud Identity Aware Proxy
2018-06-14 | Combining correlated Log Lines in Google Stackdriver
2018-06-05 | PubSubEnvelope Encryption and KMS
2018-06-05 | PubSub Encryption KMS
2018-06-05 | PubSub Encryption: Service Account
2018-06-05 | PubSub Encryption: Shared Secret
2018-05-14 | Encrypting Google Application Default and gcloud credentials with GPG SmardCard
2018-04-30 | GCS, KMS and wrapped secrets
2018-04-30 | Envoy Discovery EDS 'hello world'
2018-04-30 | Envoy control plane 'hello world'
2018-04-01 | Google Cloud Endpoints: REST and gRPC, gRPC+Transcoding
2018-02-06 | Istio Hello World my way
2017-09-12 | Google Cloud Storage SignedURL + Resumable upload with cURL
2017-09-08 | Multi-mode Squid Proxy container running ssl-bump
2017-09-01 | GKE NFS with Google Cloud Single Node Filer and Google Cloud FileStore
2017-08-26 | grpc with curl
2017-03-27 | Google Cloud SDK Dockerfile
2016-12-29 | Setting up Google Directory Sync with OpenLDAP
2016-08-26 | GCE Metadata Server Emulator
2016-07-25 | Simple SAML SSO server for Google Cloud and Apps
2016-04-24 | .NET on GCP
2015-08-25 | Google Cloud Platform API hello world samples