my blog and the random stuff i work on out of interest and on behalf of customers… or just things i didn’t know before and want to share.
recent articles:
November 30, 2022: Propagating SSO SAML Attributes to IAP Protected application
November 21, 2022: Restricting GCP API calls with X-Goog-Allowed-Resources header using Envoy and Squid
November 16, 2022: Building go applications using Google Cloud Build private go modules in Google Artifact Registry
October 25, 2022: Proxyless gRPC with Google Traffic Director
October 22, 2022: Container Signing with Cosign and TPM PKCS-11
October 20, 2022: Envoy External Processing filter for decoding Google gRPC PubSub Messages
October 20, 2022: Envoy Dynamic Forward Proxy configuration with Downstream SNI for Google APIs and httpbin
October 19, 2022: Using docker SDK to launch a container from a container
October 19, 2022: Decoding gRPC Messages using Envoy
October 10, 2022: mTLS using GCP KMS Keys
September 26, 2022: Deterministic container hashes and container signing using Cosign, Bazel and Google Cloud Build
September 13, 2022: Security Token Service (STS) Credentials for HTTP and gRPC (rfc8693)
August 26, 2022: Using Google Cloud Workforce Identity Federation with SAML
August 12, 2022: KMS, TPM and HSM based Azure Certificate Credentials
August 12, 2022: golang-jwt using arbitrary crypto.Signer
August 11, 2022: Federate Google Cloud OIDC tokens for AWS Access Tokens
August 11, 2022: Federate Google Cloud OIDC tokens for Azure Access Tokens
July 08, 2022: BigQuery Write API using protobuf
June 26, 2022: Bring your own Key for BigQuery SQL column-level encryption
June 10, 2022: AEAD Encryption with BQ Remote Functions
June 08, 2022: Basic Math with BigQuery Remote Functions using Homomorphic Encryption
June 08, 2022: Managing and Restricting Google API KEYS programmatically
June 06, 2022: Creating and using gRPC HealthCheck encoded wireformat with curl
May 27, 2022: gRPC Unary requests the hard way: using protorefelect, dynamicpb and wire-encoding to send messages
May 24, 2022: Envoy GCP Authentication Filter with Application Layer Transport Security (ALTS)
May 19, 2022: Authorization Control using OpenPolicy Agent and Google Groups
May 16, 2022: Search Transitive Group Membership using Google Cloud Identity
May 12, 2022: GCP Service Account Last usage auditing using Golang
May 12, 2022: Realtime GCP assets monitoring using Cloud Asset Monitor and Cloud Log Streaming
May 12, 2022: GCP Service Account Last usage auditing using Go
May 01, 2022: Distributed HTTP Proxy on Google Cloud using Terraform
April 29, 2022: Google Workspace as Identity Provider for your SAML Application
April 26, 2022: GCP Workload Identity Federation using SAML
April 24, 2022: Issuing Service Account Self-Signed JWTs on AppEngine, GCE, Cloud Run and Cloud Functions
April 20, 2022: Exempting Application Default Credentials for Google MFA Reauth
April 11, 2022: Hashicorp Vault default Identity Provider for Google Workload Identity Federation
April 01, 2022: Concentric IAMCredentials Permissions: The secret life of signBlob
March 30, 2022: GCP Cloud Status Dashboard Public Dataset
March 21, 2022: Browser WebAssembly with Google Storage golang client library
March 21, 2022: Browser WebAssembly with golang http client
March 20, 2022: Decoding WireGuard with WireShark
March 18, 2022: Limiting file-size and Content using GCS SignedURL v4
March 17, 2022: Extend GCP ServiceAccount access_token upto 12 hours
March 14, 2022: Using stickfigures to show how Google Credentials work
March 13, 2022: Google Cloud Storage client-side Stream encryption with gsutil and TINK
March 11, 2022: BlobZapper: Deleting 1M files on GCS in
March 09, 2022: Using Google Cloud IAM Deny
February 28, 2022: BigQuery Remote Functions in Go
February 21, 2022: Federating Firebase to Google Cloud APIs
See the Catalog for a list of all articles.
the stuff here isn’t supported by google, caveat emptor; the views here are my own