#security

4 articles

Designing Security Policies for dotsecenv

5 May 2026 Blog also on Medium

A long weekend, a SUID dead end, and the simpler design that shipped.
Read →
Why Your .env Secrets Shouldn't Be Plaintext on Disk

31 March 2026 Blog also on Medium

Why plaintext .env files are a prime target for supply-chain attacks, and how dotsecenv keeps developer secrets encrypted at rest with GPG.
Read →
Secure Services With Let’s Encrypt SSL/TLS Certificates Using DNS-01 Challenges

12 September 2022 Blog also on Medium

Issuing and renewing Let’s Encrypt SSL/TLS certificates with the DNS-01 challenge in Go, for services that cannot expose HTTP, using Cloudflare DNS and certmagic.
Read →
Google Cloud Keyless Authentication in GitHub Actions

2 August 2022 Blog also on Medium

Authenticate to Google Cloud from GitHub Actions without long-lived service account keys, using OIDC and Workload Identity Federation, in five steps.
Read →