I like being able to give realistic examples when I give trainings, and I address the pros and cons of Ansible Vault when we spend a few minutes on that topic. For years now I’ve had a bit of a bee under my cap: would it be possible to unlock a Vault file with a smart card? I know it’s possible using, say, a Yubikey with an age key on it, but how about a GnuPG-compatible smart card? And what if the smart card were local and the unlocking had to be triggered remotely?| Jan-Piet Mens
I’ve been asked a few times over the course of the same amount of days, what would happen if the powers that be began deleting top-level domains (TLDs) from the DNS system, and whether there is som...| jpmens.net
Many people use some form of manual fumbling configuration management to create or manage content of remote machines’ ~/.ssh/authorized_keys files, and whether it’s the likes of Chef, Puppet, Ansible, or your particular poison, the principle is the same: SSH public keys are copied into static files on the target systems. This works very well and is a well-understood technology. (At this point I’ll remind you of the existence of ssh-copy-id, likely easier and less error-prone to use than man...| Jan-Piet Mens
A zone digest is a cryptographic digest, or hash, of the data in a DNS zone which is embedded in the zone data itself as a ZONEMD resource record. It is computed upon publishing the zone, and it ca...| jpmens.net
Versatile, classic, complete name server software| www.isc.org