Ben Oram

Quick notes on tech, AWS, .NET & containers

| 1 min read

Where possible, use the Alpine Docker image for ASP.NET Core. Out of the box, the image is more secure than the default Debian buster image, and the Alpine images are a bit smaller.

docker pull mcr.microsoft.com/dotnet/aspnet:5.0-alpine

| 1 min read

A nice and simple guide from Ken Disbrow for using Marked 2 as a Markdown preview tool for Drafts.

Using Drafts and Marked 2 by Ken Disbrow


| 1 min read

MinVer is a tool that you can use to generate a version number that is based on your git repository history.

The tool does require .NET, but there is no requirement that you develop your app in .NET.

Within your GitHub Action workflow, you can run MinVer to generate the version number and store it in an environment variable for later use.

GitHub checkout and set fetch depth appropriately

- uses: actions/checkout@v2
  with:
    fetch-depth: 0

Retrieve version and store in env

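- name: Set APP_VERSION based on repo w/MinVer
  run: |
    # Install the MinVer CLI as a global .NET tool (quiet output)
    dotnet tool install -g minver-cli -v q
    # Compute the version from the git history and tags
    APP_VERSION=$(minver)
    echo "Adding version to GITHUB_ENV: APP_VERSION=$APP_VERSION"
    # Make APP_VERSION available to later steps in this job
    echo "APP_VERSION=$APP_VERSION" >> "$GITHUB_ENV"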

Example: Reference the variable in later steps

- name: Publish artifact to GitHub
  uses: softprops/action-gh-release@v1
  with:
    files: artifacts.zip
    tag_name: ${{ env.APP_VERSION }}
  env:
    GITHUB_TOKEN: ${{ github.token }}



| 1 min read

When launching a Windows instance via an AWS AMI, a password is automatically generated and encrypted using the key pair associated with the instance.

As a best practice, this generated password should be changed. Many folks choose to create a new local administrator account with a unique username, and additionally many teams choose to join the instance to a domain, and let the domain handle authentication.

Finally, starting with Windows Server 2016, AMIs maintained by AWS are configured to allow generated passwords to expire.



| 1 min read

Storing secrets in source control is something to avoid. Secrets stored in git can easily be inadvertently shared through a fork or a push to a public origin, and they are easily found in bulk by anyone with read access to the repo.

For .NET developers who need secrets on their local machine, use dotnet user-secrets to store secrets that can be easily retrieved through configuration. For Mac users, secrets are stored in ~/.microsoft/usersecrets.

Prereq

From your project’s source directory, run this command. It only needs to be run once.

dotnet user-secrets init

Set a secret from command-line/terminal

From your project’s source directory

dotnet user-secrets set "db:password" "VerySecurePassword!0!"

Retrieve secret in code

var password = Configuration["db:password"];



| 1 min read

AWS managed keys are rotated automatically every 3 years. For these keys, there is not a way to manually trigger a key rotation, or change the rotation schedule. These are AWS Managed Keys after all :)

Customer managed keys in KMS have more flexibility. While key rotation is not required, they can be configured to rotate automatically every year. In addition, a rotation can be triggered manually or through the API.

To enable manual rotation, make sure that all key references are through an alias. Aliases enable manual key rotation by allowing you to point the alias to a new key at any time.
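
The alias-based manual rotation described above, as an added AWS CLI example (not code from the original post): it creates a new customer managed key, repoints the alias, and verifies the result. The function names, the alias passed in, and the use of the default key policy on the new key are assumptions.

```shell
# Added example: manual rotation of a customer managed KMS key behind an alias.
# Assumption: the default key policy is acceptable for the new key; otherwise
# pass the old key's policy to create-key with --policy.

# Resolve an alias (or key id) to the key id it currently targets.
kms_alias_target() {
  aws kms describe-key --key-id "$1" \
    --query 'KeyMetadata.KeyId' --output text
}

# Usage: rotate_kms_alias alias/<name>
# Prints "<old-key-id> <new-key-id>" on success.
rotate_kms_alias() {
  local alias_name old_key new_key now
  alias_name="$1"
  case "$alias_name" in
    alias/aws/*) echo "refusing: alias/aws/* is reserved for AWS managed keys" >&2; return 2 ;;
    alias/?*) ;;
    *) echo "usage: rotate_kms_alias alias/<name>" >&2; return 2 ;;
  esac

  old_key=$(kms_alias_target "$alias_name") || return 1
  new_key=$(aws kms create-key \
    --description "Manual rotation for $alias_name (replaces $old_key)" \
    --query 'KeyMetadata.KeyId' --output text) || return 1

  aws kms update-alias --alias-name "$alias_name" \
    --target-key-id "$new_key" || return 1

  # Confirm the alias resolves to the new key before reporting success.
  now=$(kms_alias_target "$alias_name") || return 1
  if [ "$now" != "$new_key" ]; then
    echo "alias $alias_name still points at $now" >&2
    return 1
  fi

  # The old key is deliberately left enabled: data encrypted under it
  # can only be decrypted while that key still exists.
  echo "$old_key $new_key"
}
```

Callers that encrypt through the alias pick up the new key on their next call; the old key should be retired only after everything encrypted under it has been re-encrypted.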
