Backing up Jenkins Now that I have a running Jenkins instance with a few pipelines setup, I would like to be able to easily recover my setup in case something happens to the main instance. Also, it’s good practice to regularly backup things like your configurations, Jenkins, and databases. But, what do you need to back up exactly? What to Backup It depends exactly on your specific use-case and needs. Do you need to restore the exact version of plugins you had installed? Do you need access to the builds history? Do you need access to old build artifacts? Logs? Jenkins has a guide that details the minimal amount you need to backup in order to restore your pipelines which is a good start. You can add more directories to backup, like jobs, workspaces, plugins, etc.. as the need comes up. I recommend taking time to truly think of your needs and only include what’s truly necessary. ...

Automating my operations - aka DevOps As part of my day job, I regularly interact with systems such as jenkins, terraform, ansible/salt, etc.. without really understand the full power of these systems and what they enable. Time to change and dive in deeper and actually use them for my personal projects. So, what are common tasks that I need to automate: Creating / Destroying the necessary infrastructure, such as setting up VM’s with a sane default firewall with all the common dependencies pre-built into the image or installed as part of user-data. Deploying the apps to the setup machines with any necessary configuration Shutting down and restarting services Updating configuration Deploying new changes to the machines Creating a staging/dev environment to test changes in before they are deployed to production. These tasks can usually be automated and managed via: ...

Securing your Backend I’ve been learning how to use react and nextJS to build a frontend for one of my projects. I’m using Flask to build the API backend server that will provide the main functionality. I want to limit abuse of the API server and came across several options. Options CORS CORS is a mechanism that’s enforced by the browser to limit access to a server’s resources. However, since it’s only a browser enforced mechanism, a user can replay the request using another method like curl. ...

3 Podcasts I’ve been Listening to Podcasts have been around for a long time, but I’ve only started listening to podcasts around the end of 2021/early 2022. I don’t know why I had a bad image of them in my mind and resisted giving them a try. Turns out I was wrong, and podcasts have a variety of formats that aren’t just two guys talking to each other. I could’ve learned a lot while doing chores / driving around instead of listening to the same songs over and over again. ...

Here are things I would’ve found valuable when first starting out: 1. Version control (git) - beyond the basics As a Computer Student I learned and used git as part of my individual projects and group projects. But, that git knowledge was minimal. It consisted of how to check in code, commit, push to remote, resolve conflicts, create a branch, merge a branch. Working on longer term projects with a larger team required a different set of knowledge like: ...

Originally published April 2024. Substantially updated October 2025 with expanded analysis and debugging insights. I spent 3 days debugging why ProxySQL wasn’t redirecting queries to read replicas. I checked the configuration. I verified queries redirected when using the CLI. I confirmed auto-commit was enabled. I read the docs cover to cover. The problem? My test framework. The test setup created nested transactions with writes, which pinned everything—including my auto-commit query—to the primary DB. ProxySQL was working fine. My testing setup was broken. ...

Original Problem We have two directories plaintext and secret, which hold the unencrypted files and their encrypted counter parts respectively. We need to detect changes to plaintext and sync them to secret. Common Methods Polling Based The simplest method is to check the directory on a regular interval (polling) for changes by walking the directory and its files and comparing it against the cached last known state. This method can be less efficient and timely than the other two methods below but it’s biggest advantage is it is the least OS dependent. ...

Rclone is a popular command line tool to sync and manage files on a cloud storage. It supports a wide variety of backends (referred to as remotes) and has support for a crypt remote that encrypts the files before storing them in the target backend. For this evaluation, I only looked at the local file system as the backend, however, it still applies to any other configured backend. The configuration steps are detailed in the crypt page. The defaults are good and turn on both filename and directory name encryption, it also includes an option to generate the passwords (encryption and salt) from /dev/urandom for the user. The filename and directory name length can’t be larger than 143 characters which is smaller than the other solutions we looked at. ...

Cryptomator vs. gocryptfs The rough solution I came up with using age is called file based encryption which operates on selected directories and files and distinguishes it from disk encryption which encrypts the whole disk. Exploring some of the existing solutions, cryptomator and gocryptfs stood out to me as the most used and updated, so I decided to learn about them and give them a try. This post will highlight the similarities, differences, my experiences, and what I’d ultimately recommend to both technical and non-technical people. ...

Sensitive File Cloud Back ups I have a folder in my laptop that contains sensitive information that I’d like to backup/sync. I’m not worried about the security of the storage provider1 I’m uploading to, but I don’t want them to be able to parse the file for any purpose. My threat model is preventing the storage provider from reading the contents. I somewhat trust the cloud provider to not compromise my files to external entities. ...