sacha stafyniak
@staff05200

154 posts

France · Joined October 2010
330 Following · 90 Followers
Akhilesh Mishra
Akhilesh Mishra@livingdevops·
Kubernetes Secrets are not secrets. They never were.

You put your database password in a Kubernetes Secret. You felt like you did the right thing. You didn't. Anyone with kubectl access runs one command and reads your password in plaintext. Base64 is a format, not encryption. You just stored your secret in a fancy text wrapper and called it done.

That secret also sits in etcd unencrypted by default. So you configure EncryptionConfiguration on your API server. Now Kubernetes encrypts secrets with AES before writing them to etcd.

But you still create secrets manually with kubectl. Someone creates one, leaves the company, and that secret runs in production for two years. Nobody knows what it does. Nobody ever rotated it.

So you bring in Vault.
> Vault gives you dynamic secrets, lease TTLs, automatic rotation, and a full audit log of every access.
> Your database password now expires every 24 hours and Vault rotates it automatically.
> You stop worrying about leaked credentials because they expire before anyone can do real damage.

But now every team needs to talk to Vault and every team does it differently. One writes a custom init container. Another one hardcodes the Vault token directly in the pod spec because the sprint deadline was the next morning.

So you use Vault Agent Injector.
> You add two annotations to your pod and a mutating webhook injects a Vault sidecar automatically.
> The sidecar authenticates to Vault using the pod's own Kubernetes service account and writes secrets as files inside the container. Your app reads files.
> You touch zero application code.

But your legacy app reads environment variables, not files.

So you switch to Secrets Store CSI Driver.
> The CSI driver mounts secrets directly as a volume into your pod at startup from Vault, AWS Secrets Manager, or Azure Key Vault.
> When the secret rotates in the external store the pod picks up the new value automatically without a restart.

But now you have 40 services and 40 SecretProviderClass manifests to maintain. Someone rotates a secret and changes its path in Vault but forgets to update the manifest. The pod crashes at 2am. The secret exists in Vault. The path in your manifest points nowhere.

So you bring in External Secrets Operator.
> You write one ExternalSecret resource and ESO pulls the secret from Vault or AWS Secrets Manager and creates a native Kubernetes Secret on its own.
> You set a refreshInterval and ESO keeps everything in sync automatically.
> No manual kubectl. No drift. No 2am surprises because someone forgot to update a manifest.

Not everyone needs a perfect solution. Just understand which problem each tool actually solves, and you will know exactly where to go next.
13
23
283
46.2K
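An added illustration of two points in the post above (not part of the original post): base64 in a Secret's `data` decodes without any key, and in an EncryptionConfiguration the first provider listed for `secrets` is the one used for writes, so `identity` first means plaintext in etcd. The Secret and both configurations are constructed samples, and the function names are hypothetical.

```python
import base64

# Constructed sample in the shape of `kubectl get secret -o json` output.
SAMPLE_SECRET = {
    "kind": "Secret",
    "metadata": {"name": "db-credentials", "namespace": "demo"},
    "data": {"DB_PASSWORD": base64.b64encode(b"example-not-a-real-password").decode()},
}


def _config(providers):
    """Build a constructed EncryptionConfiguration (as a parsed dict) covering Secrets."""
    return {
        "apiVersion": "apiserver.config.k8s.io/v1",
        "kind": "EncryptionConfiguration",
        "resources": [{"resources": ["secrets"], "providers": providers}],
    }


AESCBC = {"aescbc": {"keys": [{"name": "key1", "secret": "<base64 key placeholder>"}]}}
ENCRYPTED_AT_REST = _config([AESCBC, {"identity": {}}])  # aescbc writes; identity reads old data
IDENTITY_FIRST = _config([{"identity": {}}, AESCBC])     # new writes land in etcd unencrypted


def decode_secret_data(secret):
    """Return the plaintext of every key in .data; base64 needs no key to reverse."""
    return {
        name: base64.b64decode(value).decode("utf-8", "replace")
        for name, value in secret.get("data", {}).items()
    }


def secrets_write_provider(config):
    """Name of the first provider in the first rule that lists "secrets", else None.

    Only an explicit "secrets" entry is matched; wildcard resource entries are not handled.
    """
    for rule in config.get("resources", []):
        if "secrets" in rule.get("resources", []):
            providers = rule.get("providers", [])
            return next(iter(providers[0])) if providers else None
    return None


def secrets_encrypted_at_rest(config):
    """True only when a rule covers Secrets and its write provider is not identity."""
    provider = secrets_write_provider(config)
    return provider is not None and provider != "identity"
```

Encryption at rest changes what sits in etcd, not what the API returns: `decode_secret_data` gives the same result for anyone allowed to read the Secret in either configuration.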
sacha stafyniak
sacha stafyniak@staff05200·
@jaredpalmer I'm wondering what the next open source project I will sponsor is, two questions: 1. what projects would you sponsor? 2. where to respond to this question on GitHub?
1
0
0
61
sacha stafyniak retweeted
Vite ⚡
Vite ⚡@vite_js·
⚡️ The first Vite 8.0 beta is here - Powered by Rolldown bringing faster production builds and more consistency - New features such as tsconfig paths or emitDecoratorMetadata support - Align browser targets with Baseline Widely Available More in our post vite.dev/blog/announcin…
21
221
1.4K
270.2K
Fab
Fab@fabrice_mayrand·
Introducing @Keak_ai V3 Keak automatically improves your website 24/7. If you're a performance marketer this is your unfair advantage. Want early access? Click the video👇
171
322
4.2K
6.7M
sacha stafyniak retweeted
Jared Palmer
Jared Palmer@jaredpalmer·
Nuxt has played an enormous role in shaping the modern web. Having the Nuxt, Next, and Svelte teams collaborating under one roof is going to be amazing. For me though, an equally exciting aspect of this acquisition is the @Nitrojsdev server framework. Not only is it wonderful for building backend services and APIs, it's also perfect for MCPs. I expect Nitro to play a key role @Vercel's transition to full stack/AI cloud. Congrats to @Atinux @_pi0_ @thewikeo et al.
Vercel@vercel

NuxtLabs, creators of Nuxt and Nitro, are joining Vercel. Same license, roadmap, and open governance, but now in a joint mission to build the best web.

4
9
218
28.4K
Alexander Lichter
Alexander Lichter@TheAlexLichter·
This week's video is all about my favorite UI library in the @vuejs ecosystem - and you’ll be surprised about my pick. Check out the video and learn why it is THAT library, what makes it special and further honorable mentions
7
10
79
16.8K
Joshua
Joshua@CreeCoder·
Is there anything like this in Tech?
1.5K
217
5.1K
1M
sacha stafyniak retweeted
Anthony Fu 🦋 @antfu.me
Too much work to do, and don't have time to make proper release announcements. Let me batch them together for the releases in the recent two weeks 😉

💚 Nuxt DevTools v1.3: New components tree & props view
🌈 Shiki v1.5: 10+ new grammars, better CloudFlare support
▶️ Slidev v0.49: Draggable elements, context Menu, custom routes, v-switch, brand new VS Code Extension
😀 Nuxt Icon v1.0-beta: SSR-friendly, more efficient new approach
🔘 UnoCSS v0.60: Custom reasons for blocklist, better directives
💙 ESLint Stylistic v2.0: Bump ts-eslint and rewrite tests
🪄 Shiki Magic Move v0.4: Svelte components
💖 Sponsorkit v0.14: Circles render, merge sponsors across platforms
✨ New pkg - eslint-plugin-command: On-demand micro-codemod
✨ New pkg - eslint-vitest-rule-tester: Tester for ESLint v9

🙏 Huge thanks to @webfansplz @_kermanx_ @hiroshi_18181 @chris_zyyv @kisaragi_hiu and other contributors for their awesome work! Enjoy! 🚀
13
15
262
34.7K
Johnson Chu
Johnson Chu@johnsoncodehk·
What is your Hybrid Mode status?
4
0
6
3.4K
sacha stafyniak
sacha stafyniak@staff05200·
@elonmusk Use "English (World)" as location, to avoid OOBE. Then use a@a.com or no@thankyou.com as login for your Microsoft account and anything as password, then you will be able to create a local account...
0
0
1
8
Elon Musk
Elon Musk@elonmusk·
Just bought a new PC laptop and it won’t let me use it unless I create a Microsoft account, which also means giving their AI access to my computer! This is messed up. There used to be an option to skip signing into or creating a Microsoft account. Are you seeing this too?
36.4K
27.9K
196.5K
94.1M
Evan You
Evan You@evanyou·
@zernonia @vuejs @nuxt_js btw, just want to confirm the mismatch checks in 3.4 is revealing something that has always been an issue but overlooked, right?
3
0
8
1.7K
sacha stafyniak retweeted
Michael Thiessen
Michael Thiessen@MichaelThiessen·
Did you know that in @vuejs you can destructure in a `v-for`?
27
51
565
55.8K
Kenneth Cassel
Kenneth Cassel@KennethCassel·
alright last question for the senior swe interview what does this picture mean?
519
146
3.2K
858.8K