Use a custom domain, manage TLS certificates and apply e2e security to cloud app

End to end security for a cloud app on IBM Cloud

Well, that title is a little bit long and ugly, but it basically describes what I wanted to tell you about today. A while ago, I blogged that my team published a tutorial "Apply end to end security to a cloud application". It demonstrates how to use secure network traffic (data in transit), cloud object storage (data at rest), and the app itself by access control (authentication). The app runs on the IBM Cloud Kubernetes Service (IKS). By default, the app is exposed on an IBM Cloud-supplied hostname and domain. I updated the tutorial to show how to use a custom domain and deploy a TLS certificate managed by the IBM Cloud Certificate Manager.

BYOK to encrypt Kubernetes secrets on IBM Cloud

Add Key Protect

Few days ago, it was announced that IBM Cloud Key Protect integrates with the Kubernetes Service. It means that cluster secrets such as service credentials, TLS certificate information and other confidential information can be encrypted using a managed root key. That root key is either generated or can be imported (bring your own key, BYOK). What needs to be done to wrap this additional layer of security around your cluster? Read on.

Impressions from Zeppelin flight

Zeppelin flight

Recently, I had the opportunity to fly on a Zeppelin NT, the kind of Zeppelin I had blogged about before. The 6+ hour flight was a once in a lifetime opportunity because it could not be booked. It took as from Bonn Hangelar (EDKB) to Friedrichshafen (EDNY). Our journey started with a detour over Cologne, then following the Rhine up to Karlsruhe, taking a turn to Stuttgart and from there down south to Lake Constance (see the rough route we took on the right).

Db2 Node.js and Python drivers and ORM

I am back from the Db2 Aktuell conference with my talk about Db2 app development and IBM Cloud. One of the many questions I received since then is about where to find the Db2 drivers for Node.js and Python. What type of ORM (Object-Relational Mapping) libraries are supported? Let me briefly answer that here and provide some links.

Db2 drivers turning bits into information

Db2 and Node.js or Python

Db2 supports many programming languages for database application development, a good overview is in the Db2 Knowledge Center. Node.js and Python use the open source drivers for IBM Database Servers that are available on GitHub.

• Last year, I blogged about the Python drivers and that IBM actually provides four different ones. The reason is that there are different Python APIs and frameworks, including SQLAlchemy and Django. Both of them feature their own ORM layer.
• For Node.js, a popular framework is Sails with its Waterline ORM. Db2 is a supported database. A popular Node.js API framework is Loopback by the IBM company Strongloop. The Db2 connector can be found in this GitHub repository. Sequelize is a promise-based ORM, the Db2 driver team has started adding support.

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.