No good way to verify public image sha256 in docker hub – security concern

This is a little crazy but apparently we don’t have a good way to verify sha256 digests of public images in docker hub. Related thread is here: https://github.com/docker/hub-feedback/issues/1925 and also this stackoverflow is useful: https://stackoverflow.com/questions/57316115/get-manifest-of-a-public-docker-image-hosted-on-docker-hub-using-the-docker-regi . Problems in the nutshell: Publicly displayed digests on docker hub UI do not match those seen when pulling images […]

Gene Kim’s “The Unicorn Project” – my view

“The Unicorn Project” by Gene Kim finally became generally available last week, and I took couple of days while stuck in Toronto to read it. The book describes same events as the DevOps classic – Gene Kim’s “The Phoenix Project”. At least because of that “The Unicorn Project” was a must read in the top […]

No-frills secret sharing with openssl

Motivation Sometimes we need to share a secret with a colleague, and frequently it’s a hassle to do so securely. Worst options include people simply sending plain-text secrets over email or slack. Better, if this is some sort of encrypted email service like ProtonMail, but still it’s a fairly brittle way if we’re dealing with […]