Restrict FROM address with AWS SES domain identities

If you are working with an application that sends email, you’ve probably come across “DKIM” which is cryptographic signing of emails to prevent impersonation of people within an organisation. Unfortunately AWS SES only supports DKIM signing for domain identities - not single-address identities. This means even if your application only sends email from a single address such as contact@example.com - to set up DKIM you need the entire example.com domain verified....

November 9, 2022

Drush 8 Exit Code Workaround

A bug in older versions of drush stops errors bubbling up to shell exit codes. This is problematic if you have a shell script with a sequence of commands that depend on the previous one completing successfully. It also makes detecting failed CI builds, deployments and cronjobs near impossible. Unfortunately I’m stuck using drush8 as Lagoon does not support dynamic drush aliases in newer versions. The bash function below will terminate a script with exit-code 1 if the output piped to it includes exception or error....

October 15, 2020

Force git to use HTTPS

Recently I encountered an issue where a CI tool could not fetch certain dependencies as the SSH key used for cloning the main project did not have access to the other repositories. To work around this, I opted to clone the private dependencies via https, passing the credentials in the URI. The magic to force this without changing composer.json: # Set the COMPOSER_USER and COMPOSER_TOKEN environment variables to a user which has access to clone these repos....

April 28, 2020

Log in to GitHub Docker registry with just a token

I recently worked on a project to push our private docker images to GitHub’s package registry. Our CI only had a GITHUB_TOKEN environment variable set, but docker login requires a username too. Rather than add a new environment variable to the build and an assumption that the username and token had to match, I used this snippet to derive the username from the token and log in to the registry....

April 27, 2020

Get personal Slack tokens from the web interface

I am currently in 5 slack organisations and wanted to automate setting my status across all the orgs simultaneously. Unfortunately Slack have deprecated personal api tokens… You may also be in an environment where slack apps are tightly controlled. Don’t lose hope though - with a bit of l33t h4x0ring you can get a personal bearer token from the web UI! Log into slack in a browser with devtools available (a URL like https://your-org....

April 17, 2020

Improve your bash scripts with this boilerplate template

First up - here’s the template. Continue reading below for an explanation of each component. Unofficial Strict Mode set -euo pipefail IFS=$'\n\t' There’s a few things going on here - set -e will exit the script if any command returns a non-zero status. set -u will stop a script if using an undefined variable. set -o pipefail will terminate the script at the first failed command in a pipeline....

March 14, 2019

How to generate temporary download links to S3 objects

S3 has a feature which allows you to generate signed URLs which are valid only for a predefined period of time. This makes it much safer to distribute URLs via email/slack etc. Process Find the object in the S3 console and note the bucket name and object path. Ensure your AWS credentials are loaded into your environment. Use the AWS CLI to create a pre-signed URL: # TTL is the number of seconds until the URL expires....

March 5, 2019

AWS KMS cryptographic operations on the command line

AWS KMS is a managed service for cryptographic functions in AWS. This service allows you to offload the tough job of key lifecycle management to Amazon. These snippets will allow you to perform basic cryptographic functions - encrypt, decrypt, and rewrap. It is assumed you already have a KMS key provisioned, and you have an IAM user with permissions to perform the relevant operations. Encrypt the Contents of a File This command encrypts the contents of contents....

February 28, 2019

How to use count with data resources in Terraform

tl;dr version: "${element(data.github_team.pull.*.id, count.index)}" While writing a little terraform module to manage github repositories, team permissions and branch protection rules, I ran into an issue where github_team_repository resources need the team ID, but github_branch_protection resources need the team slug. This was annoying as I wanted the module to have a single variable which served both purposes. I ended up having a variable var.teams_pull which accepted a list of team slugs....

February 27, 2019