nonbei alley
Home
Articles
2022
Propagating SSO SAML Attributes to IAP Protected application
Restricting GCP API calls with X-Goog-Allowed-Resources header using Envoy and Squid
Building go applications using Google Cloud Build private go modules in Google Artifact Registry
Proxyless gRPC with Google Traffic Director
Container Signing with Cosign and TPM PKCS-11
Envoy External Processing filter for decoding Google gRPC PubSub Messages
Envoy Dynamic Forward Proxy configuration with Downstream SNI for Google APIs and httpbin
Decoding gRPC Messages using Envoy
Using docker SDK to launch a container from a container
mTLS using GCP KMS Keys
Deterministic container hashes and container signing using Cosign, Bazel and Google Cloud Build
Security Token Service (STS) Credentials for HTTP and gRPC (rfc8693)
Using Google Cloud Workforce Identity Federation with SAML
KMS, TPM and HSM based Azure Certificate Credentials
Federate Google Cloud OIDC tokens for AWS Access Tokens
Federate Google Cloud OIDC tokens for Azure Access Tokens
golang-jwt using arbitrary crypto.Signer
BigQuery Write API using protobuf
Bring your own Key for BigQuery SQL column-level encryption
AEAD Encryption with BQ Remote Functions
Basic Math with BigQuery Remote Functions using Homomorphic Encryption
Managing and Restricting Google API KEYS programmatically
Creating and using gRPC HealthCheck encoded wireformat with curl
gRPC Unary requests the hard way: using protorefelect, dynamicpb and wire-encoding to send messages
Envoy GCP Authentication Filter with Application Layer Transport Security (ALTS)
Authorization Control using OpenPolicy Agent and Google Groups
Search Transitive Group Membership using Google Cloud Identity
Realtime GCP assets and access monitoring using Cloud Asset Monitor and Cloud Log Streaming
GCP Service Account Last usage auditing using Golang
Distributed HTTP Proxy on Google Cloud using Terraform
Google Workspace as Identity Provider for your SAML Application
GCP Workload Identity Federation using SAML
Issuing Service Account Self-Signed JWTs on AppEngine, GCE, Cloud Run and Cloud Functions
Exempting Application Default Credentials for Google MFA Reauth
Hashicorp Vault Identity Provider with Google Workload Identity Federation
Concentric IAMCredentials Permissions: The secret life of signBlob
GCP Cloud Status Dashboard Public Dataset
Browser WebAssembly with Google Storage golang client library
Browser WebAssembly with golang http client
Decoding WireGuard with WireShark
Limiting file-size and Content using GCS SignedURL v4
Extend GCP ServiceAccount access_token upto 12 hours
Using stickfigures to show how Google Credentials work
Google Cloud Storage client-side Stream encryption with gsutil and TINK
BlobZapper: Deleting 1M files on GCS in 20mins
Using Google Cloud IAM Deny
BigQuery Remote Functions in Go
Federating Firebase to Google Cloud APIs
Cloud Build Authentication to Cloud Run, Cloud Functions, IAP
Authenticating using Workload Identity Federation to Cloud Run, Cloud Functions
Cloud Events end-to-end envelope encryption extension
Cloud Run Eventarc using Cloud Events SDK
Identifying which IAM Permissions an end-user has on a resource in Google Cloud
Override default Service Accounts for Google AppEngine Standard
Decoding gRPC messages over TLS using eBPF
Kernel TLS with Openssl and Nginx
Simple math using WebAssembly and Homomorphic Encryption
BigQuery Client-side Encryption using AEAD
Monitoring GCP API Latency locally using Envoy
Certificate Bound Tokens using Security Token Exchange Server (STS)
2021
Using Custom Standard HTTP headers for Google Cloud Client Libraries
Using FieldMask for Google Cloud Client Libraries
Using Google Cloud SDK Emulators
Using JWT AccessTokens with Google Cloud Client Libraries
Using proxy servers with Google Cloud Client Libraries
Comparing Cloud Client vs GoogleAPI Libraries
Exception Handling for Google Cloud Client Libraries
Exponential Backoff and Retry for Google Cloud Client Libraries
Google Cloud Storage SignedURL with Cloud Run, Cloud Functions and GCE VMs
Managing Long Running Operations (LRO) with Google Cloud Client Libraries
Measure API request latency with Google Cloud Client Libraries
Override Request Initializers/Interceptors for Google Cloud Client Libraries
Override Trust certificates for TLS for Google Cloud Client Libraries
Pagination with Google Cloud Client Libraries
Trace and Transport logs for Google Cloud Client Libraries
Impersonation and Domain Wide Delegation with Google Cloud Client Libraries
QUIC HTTP/3 with nginx, envoy and curl
gRPC Web and gRPC Transcoding with Envoy
Demonstrating HMAC SHA256 keysize limits with openssl
Google Cloud VPC-SC basic ingress and egress rules
Understanding workload identity federation
Cross Project Service Accounts on Google Cloud
GCP Developers Missing Manual
nginx with TPM based SSL
Envoy Oauth2 Filter
golang-jwt library for PKCS11
golang-jwt library for Trusted Platform Module (TPM)
golang-jwt library for Yubikey
Using Wireshark to decrypt TLS gRPC Client-Server protobuf messages
IoT Core Authentication with Trusted Platform Module (TPM)
Using ImpersonatedCredentials for Google Cloud APIs and IDTokens
GCP Quota and Cost Distribution between Projects
OpenSSL 3.0.0 docker with TLS trace enabled
Embedding AWS_SECRET_ACCESS_KEY into Trusted Platform Modules, PKCS-11 devices, Hashicorp Vault and KMS wrapped TINK Keyset
Kubernetes xDS service for gRPC loadbalancing
TPM Remote Attestation protocol using go-tpm and gRPC
Importing and extracting external keys for BigQuery AEAD Tink KeySets
Terraform Provider for HTTP mTLS and POST Dataources
Time limited, auto-expiring group memberships for users on Google Cloud
Google Cloud IAM Roles-Permissions Public Dataset
Using Kubernetes Service Accounts for Google Workload Identity Federation
GCP API Gateway with gRPC
Request Annotation with Cloud Audit Logging and Monitoring on GCP
GCS signedURLs and GCP Authentication with Trusted Platform Module
Envoy TAP filter for gRPC
Recaptcha Helloworld
Envoy External Processing Filter
Secure Boot with Debian 10 and QEMU
GKE Structured log with in go with glog and logsrus
gcloud alias for Application Default Credentials
gRPC per method observability with envoy, Istio, OpenCensus and GKE
2020
Envoy WASM and LUA filters for Certificate Bound Tokens
Envoy WASM with external gRPC server
Envoy mTLS
mTLS with TPM bound private key
Rclone Storage bucket sync using Cloud Scheduler and Cloud Run
GCP Workload Identity Federation using AWS Credentials
GCP Workload Identity Federation using OIDC Credentials
gRPC ALTS HelloWorld
Serverless Security Token Exchange Server(STS) and gRPC STS credentials
XML parsing with BigQuery UDF
Create your own CA, Subordinate, CRL, SNI
Simple RideSharing helloworld with Homomorphic Encryption
Deterministic builds with go + bazel + grpc + docker
BigQuery UDF Marshall/Unmarshall Protocolbuffers
Using Terraform Cloud Webhook with Google Cloud Logging
BigQuery HMAC-SHA256 User-defined Function
Sending logs directly to GCS using Cloud Logging fluentd
Vault Secrets for GCP Credential Access Boundary and Impersonation
Firebase Storage and Authorization Rules engine 'helloworld'
Docker daemon mTLS with Trusted Platform Module
gRPC xDS Loadbalancing
Untrusted Multiparty Compute using GCP VMs with Trusted Platform Modules
Docker mTLS ACLs with Open Policy Agent
Mounting LUKS encrypted Disks using Google Secrets Manager
External Authorization Server with Istio
GPG Stream Encryption for Google Storage in golang by chaining Pipes
Using Credential Access Boundary (DownScoped) Tokens
GPG Stream Encryption in golang by chaining Pipes
Importing SHA hashed passwords into Firebase and Identity Platform
Easy GSuites Domain-Wide Delegation (DwD) in Java
Knative cli with Cloud Run (managed)
Redis with Envoy
Mounting CSEK protected disk with LUKS encryption on Google Compute Engine
Squid proxy cluster with ssl_bump on Google Cloud
Knative Traffic Splitting
mTLS using Hashcorp Vault's PKI Secrets
Google Cloud KMS based Service Accounts for Authentication and SignedURLs
2019
Simple distributed tracing with OpenTracing and Stackdriver
TPM2-TSS-Engine hello world and Google Cloud Authentication
GCS SignedURL with Google AppEngine Standard (1st gen)
Yet another image file converter on GCP
Kubernetes RBAC with Google Cloud Identity Platform/Firebase Tokens
crypto.Signer, implementations for Google Cloud KMS and Trusted Platform Modules
Envoy External Authorization server (envoy.ext_authz) with OPA HelloWorld
Managing Kubernetes CustomResourceDefinitions with Google Deployment Manager
gRPC Authentication with Cloud Run
How to embed SSH private keys into a Yubikey or TPM
Anti Virus file scanning on Google Cloud Storage using ClamAV
Using Google's Client Library Generation system
Vault auth and secrets on GCP
Vault Kubernetes Auth with Minikube
A simple HTTP Proxy for gRPC HealthChecks
Accessing Google Cloud Storage using AWS SDK and OAuth2
Envoy Global rate limiting helloworld
YubiKey TokenSource
Using Stackdriver* with golang on Istio
gRPC Authentication with Google OpenID Connect tokens
Authenticating using Google OpenID Connect Tokens
Calling Cloud Composer to Cloud Functions and back again, securely
Automatic oauth2: Using Cloud Scheduler and Tasks to call Google APIs
Automatic OIDC: Using Cloud Scheduler, Tasks, and PubSub to securely call Cloud Run, Cloud Functions
Google Container Registry statistics from GCS access_logs
Google Cloud Trace context propagation and metrics graphs with Grafana+Prometheus and Stackdriver
GPG stream encryption and decryption on Google Cloud Functions and Cloud Run
IAP access to GCP and On-prem systems using Identity Platform
Terraform “Assume Role” and service Account impersonation on Google Cloud
Upload/Download files from a browser with GCS Signed URLs and Signed Policy Documents
Fluentd filter plugin for Google Cloud Data Loss Prevention API
Writing Developer logs with Google Cloud Logging
Creating a simple Debian installer
Istio gRPC Loadbalancing with GCP Internal LoadBalancer (ILB)
Envoy http/tcp Parser Plugin for Fluentd
Envoy, Nginx, Apache HTTP Structured Logging with Google Cloud Logging
Setting up SAML for Google Cloud Identity for Customers and Partners (CICP)
2018
Using ImpersonatedCredentials for Google Cloud APIs
Message Encryption with Dataflow PubSub Stream Processing
gRPC over browser Javascript: Using gRPC-Web on Google Kubernetes Engine Ingress
Faster and more Reliable ServiceAccount authentication for Google Cloud Platform APIs
Representing Gsuites and Google Cloud Org structure as a Graph Database
GCS HMAC SignedURL
GKE gRPC Ingress LoadBalancing
Using collectd ping plugin to monitor VM->VM latency with Google Stackdriver
GCS Signed URL with Customer Supplied Encryption Key
Single Page webapp using GKE, App Engine, Google Cloud Endpoints and Identity Aware Proxy
auditd agent config for Stackdriver Logging
Combining correlated Log Lines in Google Stackdriver
Envoy for Google Cloud Identity Aware Proxy
Message Payload Encryption in Google Cloud Pub/Sub
PubSub Encryption: Shared Secret
PubSub Encryption: Service Account
PubSub Encryption KMS
PubSubEnvelope Encryption and KMS
Encrypting Google Application Default and gcloud credentials with GPG SmardCard
Envoy control plane 'hello world'
Envoy Discovery EDS 'hello world'
GCS, KMS and wrapped secrets
Google Cloud Endpoints: REST and gRPC, gRPC+Transcoding
Istio Hello World my way
2017
Google Cloud Storage SignedURL + Resumable upload with cURL
Multi-mode Squid Proxy container running ssl-bump
GKE NFS with Google Cloud Single Node Filer and Google Cloud FileStore
grpc with curl
Google Cloud SDK Dockerfile
2016
Simple SAML SSO server for Google Cloud and Apps
Google Cloud Platform API hello world samples
Setting up Google Directory Sync with OpenLDAP
GCE Metadata Server Emulator
.NET on GCP
About
Feedbox
Catalog
github.com/salrashid123
rss
Built with
from
Grav
and
Hugo
just sal's blog
>
Tags
> tls
tag :: tls
2021-11-28
Using Wireshark to decrypt TLS gRPC Client-Server protobuf messages
OpenSSL 3.0.0 docker with TLS trace enabled
Terraform Provider for HTTP mTLS and POST Dataources
Squid proxy cluster with ssl_bump on Google Cloud
2021-11-28 | Using Wireshark to decrypt TLS gRPC Client-Server protobuf messages
2021-09-28 | OpenSSL 3.0.0 docker with TLS trace enabled
2021-08-13 | Terraform Provider for HTTP mTLS and POST Dataources
2020-01-10 | Squid proxy cluster with ssl_bump on Google Cloud
This site supports
webmentions
. Send me a mention via
this form
.