Comment on Display A ‘Song Of The Day’ In MOTD From Navidrome Playlist
non_burglar@lemmy.world 2 weeks agoWell, it’s not super difficult. I sort of mash my way through getting data by api by just using curl and then clumsily filtering the output.
You’ve already got the mechanism to get the data, I think your solution is fine. My way to do it is just a relics from my time working with a bunch of devs.
Just yanking your chain bro. But back to your admonishment about the vault. I’ve often wondered about it. We keep secrets in .env files etc. Of course, if a nefarious actor gained entrance to the server, at that point, would a vault help? Just spitballing. My security is pretty tight in my estimation. Some even have told me it’s overboard. However it has served me well over the years without incident, but it is something always in my mind. You’re a programmer, what would you recommend?
non_burglar@lemmy.world 2 weeks ago
Hah! By trade, I’m a sysadmin, my daily is security reviews at the planning and governance level.
I spent a good 6 years working in a Dev shop, and I picked up a lot of habits there, learned a ton about rest APIs, etc.
Setting up a vault for secrets (Hashicorp’s vault is a popular one) might be a bit overkill for your needs in a homelab, but it’s a great way to inject some security into python, bash scripts, which I think is useful, because lots of us start with scripting and move from there.
The basic mechanism is you set up the vault, define pools, etc and then use a token request instead of putting the secret in the script itself. There are tons of examples for each language and mode, but i just use a vault command in the script, throw the output in a variable and that’s pretty much it.
Secrets management in Dev and devops work is really interesting, if you ask me. All the way from the IDE to prod, there are many ways to leak passwords, api tokens, paths no one should know, etc.
I took it as a positive.