security

Restrict FROM address with AWS SES domain identities

aws security snippets
Use conditional keys in your SES IAM policies to prevent attackers impersonating your staff.


Securing Drupal on Kubernetes

drupal kubernetes security presentations
I presented a draft of my DrupalCon talk at the March 2020 Sydney Drupal Meetup.


How to generate temporary download links to S3 objects

aws security snippets s3
Pre-signed URLs are a great way to share large files without giving the recipient permanent access. Learn how to use the AWS CLI to create links that expire after a certain amount of time.


AWS KMS cryptographic operations on the command line

aws security snippets
Leverage AWS KMS on the command line using these simple commands.


Encrypted Drupal Database Connections with Amazon RDS

drupal security aws
Malicious users can intercept or monitor plaintext data transmitting across unencrypted networks, jeopardising the confidentiality of sensitive data in Drupal applications. This tutorial will show you how to mitigate this type of attack by encrypting your database queries in transit.


Can You Keep a Secret? - Bucharest, 2018

hackcamp drupal conferences security presentations
My presentation on secrets management at DrupalHackCamp 2018 in Bucharest, Romania.


HashiCorp Vault for Drupalers

hackcamp drupal conferences security presentations vault
My presentation on HashiCorp Vault at DrupalHackCamp 2018 in Bucharest, Romania.


Securing Drupal: Storing API Tokens in Lockr

drupal security
As seen in the recent Uber hack, storing secrets such as API tokens in your project repository can leave your organisation vulnerable to data breaches and extortion. This tutorial demonstrates a simple and effective way to mitigate this kind of threat by leveraging Key module to store API tokens in remote key storage.


Can You Keep a Secret? - Auckland, 2017

drupalsouth drupal conferences security presentations
My presentation on secret management at DrupalSouth 2017 in Auckland, NZ.