> I still have nightmares about trying to set up SSL with nginx and my own self-managed certificates. For anyone who needs to run their own CA (which I'm now doing for my homelab), I've found that using GUI software like KeyStore explorer is a sufficiently easy and lazy way of doing that, which actually works well, both for securing regular sites, as well as doing mTLS: https://keystore-explorer.org/ > Shoutout to... - Source: Hacker News / 15 days ago

Yes, that's clear but you need the private key to create a CSR. I'm guessing since you are using a Java app you should either have a JKS (old fashioned) or a P12 (pkcs12) keystore, one of those should contain the private key, you can use keystore explorer to extract the data. Https://keystore-explorer.org/. Source: over 1 year ago

Personally, I've also had decent experiences with Keystore Explorer: https://keystore-explorer.org/ I actually wrote about using it on my blog, which has plenty of screenshots: https://blog.kronis.dev/tutorials/lets-run-our-own-ca. - Source: Hacker News / over 1 year ago

Then let me tell you about keystore explorer https://keystore-explorer.org/ which will make your life a lot easier (and less chance that there are more then 1 keys inside your keystore. Source: over 1 year ago

I... Kind of like it? Not the fact that using such a GUI would be almost impossible, like the humorous example of an "engineer oriented UI" in the Silicon Valley series https://www.reddit.com/r/SiliconValleyHBO/comments/4nvvnl/pied_pipers_easytouse_tools/ which might be confusing for most people. But rather the fact that all of the complexity the software has is laid bare, so that nobody could mistakenly assume... - Source: Hacker News / about 2 years ago

Docker has revolutionized the way we build, ship, and run applications. However, when it comes to handling sensitive information like passwords, API keys, and certificates, proper security measures are crucial. Docker secrets provide a secure and convenient way to manage sensitive data within containers. - Source: dev.to / about 1 year ago

Are you using swarm mode? If so, you might want to consider using secrets. Source: over 1 year ago

Have a look here https://docs.docker.com/engine/swarm/secrets/. Source: over 1 year ago

To use a secret you have to map it during the creation of a service (in this case redis like in the documentation:. - Source: dev.to / over 1 year ago

Using docker secrets: This seems a no brainer, however, I haven't yet fully understood the documentation entry. For example, after reading this entry I still don't know if I can use docker secrets along with my strategy of having a separate .env file containing the environment variables (and the sensitive ones being handled by docker secrets). I have to enable swarm mode and I don't fully understand the... Source: almost 2 years ago