Securing a site with Letsencrypt, AWS and Terraform

Introduction

Google Chrome will start marking HTTP sites as ‘not secure’ by July 2018. This is as good a time as any to secure our sites. If you happen to be deploying your site on AWS and provision your infrastructure using Terraform, there is a simple way to generate certificates using Terraform and LetsEncrypt. LetsEncrypt is an open and free Certificate Authority (CA) provided by the Internet Security Research Group (ISRG).

Encrypting secrets with AWS KMS

$ aws kms encrypt \
    --key-id $KMS_KEY --plaintext 'my-secret' --output text --query CiphertextBlob > ./secret

Encrypting a secret gives us a binary string that’s base64 encoded. That’s right, two levels of encoding.

$ aws kms decrypt --query Plaintext --output text --ciphertext-blob fileb://<(cat secret | base64 --decode) | base64 --decode
my-secret%

Decrypting a secret takes a binary string as input (not a base64 encoded one!) and returns a base64 encoded string.