Comment on Display A ‘Song Of The Day’ In MOTD From Navidrome Playlist
irmadlad@lemmy.world 2 weeks ago Well, it’s not super difficult. I sort of mash my way through getting data by api by just using curl and then clumsily filtering the output.
Just yanking your chain bro. But back to your admonishment about the vault. I’ve often wondered about it. We keep secrets in .env files etc. Of course, if a nefarious actor gained entrance to the server, at that point, would a vault help? Just spitballing. My security is pretty tight in my estimation. Some even have told me it’s overboard. However it has served me well over the years without incident, but it is something always in my mind. You’re a programmer, what would you recommend?
non_burglar@lemmy.world 2 weeks ago
Hah! By trade, I’m a sysadmin, my daily is security reviews at the planning and governance level.
I spent a good 6 years working in a Dev shop, and I picked up a lot of habits there, learned a ton about rest APIs, etc.
Setting up a vault for secrets (Hashicorp’s vault is a popular one) might be a bit overkill for your needs in a homelab, but it’s a great way to inject some security into python, bash scripts, which I think is useful, because lots of us start with scripting and move from there.
The basic mechanism is you set up the vault, define pools, etc and then use a token request instead of putting the secret in the script itself. There are tons of examples for each language and mode, but i just use a vault command in the script, throw the output in a variable and that’s pretty much it.
Secrets management in Dev and devops work is really interesting, if you ask me. All the way from the IDE to prod, there are many ways to leak passwords, api tokens, paths no one should know, etc.
I took it as a positive.