Ephemeral Jobs Monitoring Using Prometheus PushGateway

As with any other long-running services, Ephemeral (or in Kubernetes term Batch or Cron) Jobs also needs to be monitored to gather critical metrics and for Altering when something goes wrong. This article describes how we can monitor these short-lived jobs by explaining What is the problem with Prometheus What is PushGateway & why it is necessary Demo using a sample application

July 14, 2020 · 1 min · Ramesh Lingappan

Managing Application Secrets Like a Pro Using Google Secret Manager

At the beginning of last year, I wrote an article titled How to secure and manage secrets using Google Cloud KMS , explaining how we can use Google Cloud KMS (Key Management System) to encrypt secrets and securely use it in our applications. I mentioned it is a decent approach because of the lack of support for good secret management solutions within the Google cloud ecosystem. It is kind of, a hacky way to get the job done, because, ...

April 4, 2020 · 1 min · Ramesh Lingappan

Google Cloud Run Service with gRPC using Spring Boot

Welcome to another article on Google Cloud Platform. If you are building services using GCP then you might already know the several limitations that come with it. One of them being a lack of support for gRPC in their easy to use solutions such as Google AppEngine (Standard and Flexible), Cloud Functions or in the initial days of Cloud Run. So if we need to support or have our own gRPC services then we need to use either Google Compute Engine or Google Kubernetes Engine, which is not an easy solution for several small use cases.

March 31, 2020 · 1 min · Ramesh Lingappan

What Is Secure Remote Password(SRP) Protocol and How to Use It

“Password” this crazy piece of string worth a lot, get a lot of attention but yet very hard to process & hide. Even with the multi-factor approach, it is crucial to design the first step right (which is what the user knows). It becomes increasingly harder for the software systems to securely authenticate their users, process the sensitive password in a right & secure way. One of the most common approaches is, Password Hashing

November 21, 2019 · 1 min · Ramesh Lingappan

Going Multi Regional in Google Cloud Platform

For a successful business, it is important to know who your customers are. Knowing your customers helps to understand your business better, build better versions of your ideas, and can make effective decisions for the successful long run. Everyone knows it right! When it comes to software infrastructure, it remains important. Knowing your customers greatly improves the performance of your application, makes it more resilient, after all, no one likes to wait for the response :) ...

November 3, 2019 · 1 min · Ramesh Lingappan

End to End Restful Api Development Using Openapi Specification

Learn how OpenAPI Specification (formerly known as swagger), a language-agnostic interface to write RESTful APIs which allows both humans and computers to understand the service capabilities. With the increasing number of adoption towards service-oriented architecture and for better integrations with external systems, it became a necessity to write Restful APIs for our services. While building so we might often find several challenges such as, Standard & Consistent API design Better documentation Client Libraries Playground (better developer experience) So while writing APIs, we have to make sure it sticks to a standard design principle, update documentation (hosted elsewhere) and finally write client libraries (harder if you have to support multiple languages). Doing all of this manually is a painful job. Likely we have OpenAPI Specification (formerly known as swagger), which offers us a standard, language-agnostic interface to write RESTful APIs which allows both humans and computers to understand the service capabilities. ...

October 23, 2019 · 1 min · Ramesh Lingappan

Best practices for building secure API Keys

We all know how valuable APIs are. They’re the gateway to exploring other services, integrating with them, and building great solutions faster. You might have built or are thinking of building APIs for other developers to use. An API needs some form of authentication to provide authorised access to the data it returns. There are several authentication standards available today such as API Keys, OAuth, JWT, etc. In this article, we’ll look at how to correctly manage API Keys to access APIs.

September 30, 2018 · 1 min · Ramesh Lingappan

What is session hijacking and how you can stop it

This story is for beginners and anyone who has a basic understanding about cookies (sessions cookies), but who’s not sure how to secure them properly. You don’t have to be a security expert to do that. You just have to understand the process and then you will know.

April 24, 2018 · 1 min · Ramesh Lingappan