Posts

Showing posts from March 2021

OAuth

OAuth - Authorization between services

OAuth
- The valet key example
- Access delegation
- The OAuth flow

OAuth Access Token
- Contains user-allowed permissions
- Trustable (cannot be tampered with)

JWT (JAWT) - secure communication, RFC 7519

Authorization strategies
- session token
- reference token
- JSON web token
- value token

HTTP - stateless (has to have all information for the connection)
Session ID + Cookies -> most popular mechanism for authorization
Sticky session for load balancer solution

JSON Web Tokens (JWT)
What does a JWT look like?

Documentation

a) Overview
b) Readme Governance documentation
c) What should be within the documentation
Scope - what the project consists of and does not consist of
Mission
Values and principles

Networking

1. Network architecture

Distribution layer - sometimes referred to as the aggregation layer, provides route filtering and inter-VLAN routing. Management ACLs and IPS filtering are typically implemented at the distribution layer. The distribution layer serves as an aggregation point for access layer network links. Because the distribution layer is the intermediary between the access layer and the core layer, it is the ideal place to enforce security policies and to perform tasks that involve packet manipulation, such as routing. Summarization and next-hop redundancy are also performed in the distribution layer.

2-tier architecture
Collapsed Core Layer
3-tier architecture
Cisco three-tier network design model

Core Layer - The core layer typically provides the fastest switching path in the network. As the network backbone, the core layer is primarily associated with low latency and high reliability.

2. Power over Ethernet (PoE) Cisco C...

HashiCorp Boundary

1. Overview

To access private resources, a user needs:
- VPN/SSH credentials
- IP/subnet
- DB credentials

Challenges of accessing private resources:
- offboarding / onboarding users
- key rotation
- non-static IP addresses
- exposed credentials

Zero trust security model
Dynamic, ephemeral environments
Single sign-on with IdP
Role-based access control with policy
Logical service

Boundary features:
- offboarding / onboarding users
- it is enough to remove them from the IdP
- high-level policies
- users do not get access to the private network
- credentials do not have to be given to the user. The gateway fetches them from Vault if the gateway can communicate with Vault, or Vault is used.

User -(connection)-> Worker -> target endpoint
Worker -> Controllers
User -()-> Controllers -> DB
Controls Workers
CLI UX Desktop App
Terraform Provider
Dynamic Host Set
    - AWS
    - Consul
    - k8s

2.

HashiCorp Waypoint

1. Overview

- Waypoint - a project that unifies workflows for build, deploy, and release platforms.

Developers:
- write code
- test application
- build
- deploy
- release
- operate
- measure

source code + manifestation => platform (Waypoint)
waypoint up

Deployment
- gitops system
- chatbot system
- cli

waypoint logs
waypoint exec
waypon

2.