I'm stuck trying to decrypt a Kinesis stream from an Aurora DB, and I'm following this page.
I need to decrypt the activity event using the data key (already decrypted via the KMS SDK).
Unfortunately, it seems that there is no encryption SDK for Go:
https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/programming-languages.html
Do you know any workaround to decrypt this in Go?
Any help is appreciated, thanks!
Related
Is there a way to securely store and retrieve an API key in Windows?
For instance, is there a Windows service/API that can be used by a (C#) desktop app to store and retrieve a key?
If the key has to be placed on a client machine, it can be read out. Which language you use or what kind of storage doesn't matter. At the end you'll have to send that API key to your server to authenticate yourself and at this point someone can use a proxy like Fiddler to inspect the data and record that API key.
To accomplish this issue you need a (web) interface for your customers, where they can log-in and manage their API keys, so they can request new or revoke old keys. Also your desktop tool needs in that case some input mask, where the user can enter that key (and you store it in registry or file system).
By using this approach each customer can use its own key and if it is compromised you (or the customer) have only to revoke this single key without affecting the other customers.
Sorry to answer my own question, but it appears Windows Credential Manager and the underlying Data Protection API are designed for this very purpose. It's the same vault used by Windows to store its various passwords.
And it has a nice C# API: https://learn.microsoft.com/en-us/dotnet/standard/security/how-to-use-data-protection
Answered more fully here: PasswordVault security when used from Desktop app
My Azure App's client secret expiry was set to 3 months which has expired and the application has stopped. My questions are:
How can I get the new client secret to the same Azure App to replace the new client secret in my NodeJS application?
Also is there a way to get a warning or message/mail before the client secret expires?
How to check the expiry of client credentials without using the Azure portal (that is, by using REST requests if any)?
Screen Shot showing expiry in Azure portal. Can we get this expiry somehow by REST requests?
How to check the expiry of client credentials without using the Azure portal (that is, by using REST requests if any)?
You should be able to use Graph API to get this information. The operation you would want to invoke is List applications which will give you a list of application objects. The property you would want to check is passwordCredential for credential expiry.
Also is there a way to get a warning or message/mail before the client secret expires?
AFAIK, there is not an automated way to do this. I believe I read somewhere that the Graph API team is working on it but there was no ETA provided for this by them. For now you have to roll out your own solution. You may write a timer-triggered Azure Function which runs daily. This Function can get the list of applications, filter out the applications for which credentials are expiring soon, and take action on that.
How can I get the new client secret to the same Azure App to replace the new client secret in my NodeJS application?
Based on your comment, considering you are currently doing this process manually, I would assume you can continue to do so. Once you know that the secret is expiring soon, you can create a new application secret and at an appropriate time replace the old secret with the new secret.
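Added example (not part of the original answer): the filtering step of the daily check described above, written for Node.js. It assumes the pages come from Microsoft Graph's List applications operation, where each application carries `passwordCredentials` entries with `keyId` and `endDateTime`; the sample pages, the function name `findExpiringSecrets` and the 30-day window are constructed for illustration.

```javascript
// Added example. The pages below are constructed sample data shaped like
// Microsoft Graph "List applications" responses
// (GET /v1.0/applications?$select=appId,displayName,passwordCredentials).
const samplePages = [
  { value: [
      { appId: "00000000-0000-0000-0000-000000000001", displayName: "billing-api",
        passwordCredentials: [
          { keyId: "k1", endDateTime: "2024-03-10T00:00:00Z" },
          { keyId: "k2", endDateTime: "2025-01-01T00:00:00Z" } ] } ],
    "@odata.nextLink": "https://graph.microsoft.com/v1.0/applications?$skiptoken=CONSTRUCTED" },
  { value: [
      { appId: "00000000-0000-0000-0000-000000000002", displayName: "report-job",
        passwordCredentials: [
          { keyId: "k3", endDateTime: "2024-02-01T00:00:00Z" },
          { keyId: "k4", endDateTime: "" } ] },
      { appId: "00000000-0000-0000-0000-000000000003", displayName: "no-secrets",
        passwordCredentials: [] } ] }
];

const DAY_MS = 24 * 60 * 60 * 1000;

// Returns one finding per client secret that is already expired, expires
// within warnDays of `now`, or has an end date that cannot be parsed.
// `pages` is every response page, collected by following @odata.nextLink.
function findExpiringSecrets(pages, now, warnDays) {
  const findings = [];
  for (const page of pages) {
    for (const app of page.value || []) {
      for (const cred of app.passwordCredentials || []) {
        const base = { appId: app.appId, app: app.displayName, keyId: cred.keyId };
        const end = Date.parse(cred.endDateTime);
        if (Number.isNaN(end)) {
          // An unreadable date is reported, never treated as "still valid".
          findings.push({ ...base, status: "unknown", daysLeft: null });
          continue;
        }
        const daysLeft = Math.floor((end - now.getTime()) / DAY_MS);
        if (end <= now.getTime()) findings.push({ ...base, status: "expired", daysLeft });
        else if (daysLeft <= warnDays) findings.push({ ...base, status: "expiring", daysLeft });
      }
    }
  }
  // Most urgent first; secrets with unknown end dates sort to the top.
  const rank = (f) => (f.daysLeft === null ? -Infinity : f.daysLeft);
  return findings.sort((a, b) => (rank(a) < rank(b) ? -1 : rank(a) > rank(b) ? 1 : 0));
}

const report = findExpiringSecrets(samplePages, new Date("2024-03-01T00:00:00Z"), 30);
console.log(report);
```

The findings carry only `appId` and `keyId`, never secret values, so the report can be mailed or logged as is.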
Does SNS support token based connection to APNs?
I see the AWS documentation on certificate based connection to APNs, but don't see any way to connect via tokens.
Is this available? If so, is there any AWS documentation on this because I can't find it.
Currently (i.e. as of 07th March 2020) Amazon Simple Notification Service (SNS) doesn't support Token Based Connection (.p8) to APNs.
I would like to refer you to another AWS service called Amazon Pinpoint which I know supports Token Based Connection (.p8) to APNs.
SNS now supports token-based authentication for APNs, using .p8 files. You can find more information about it here: https://aws.amazon.com/about-aws/whats-new/2021/11/amazon-sns-token-authentication-api-mobile-notifications/
I need to connect Google Data Studio to AWS Athena. One way to do that is with the JDBC URL connection option. I used the following parameters in the Database Authentication form and I got the error shown below:
Params:
Url
jdbc:awsathena://athena.us-east-2.amazonaws.com:443;UID=[MY_AWS_ACCESS_KEY];PWD=[MY_AWS_SECRET_KEY];S3OutputLocation=s3://[S3_OUTPUT_BUCKET];
Username
[MY_AWS_ACCESS_KEY]
Password
[MY_AWS_SECRET_KEY]
Error:
The server encountered an internal error and was unable to complete your request.
Any solution to connect Google Data Studio to AWS Athena or even connect to AWS S3 should solve this problem. I tried this Google Apps script to connect to S3 but failed to connect with authentication error as shown in this open issue.
An open-source connector for Google Data Studio now exists here.
To use it, you need to follow the instructions detailed here, i.e. copy/paste the code into a Google Apps Script Project and then deploy it to Google Data Studio.
Google Data Studio does not appear to support installing drivers (not that surprising, since it's a hosted, not self-hosted, app).
I think your best bet would be to create a connector -- I actually am surprised no open-source community connector exists yet. I think basically you'd need to wrap the Athena API, following the Google Data Studio connector guide. It's not simple, but it looks doable...
Hi, I have an Outlook plugin that sends requests to my WCF Service. I faced some issues regarding public folders. So one way to resolve it is to save the user account and password inside the plugin configuration (saved in a system registry key). What is the safe way to save it and send it to the server?
You can use CryptProtectData and store the data in a file or the registry. The data can be decrypted using CryptUnprotectData. The data is encrypted in such a way that only the user with the same credentials can decrypt the data, i.e. it cannot be decrypted from another computer or when running in the security context of a different Windows user.
Microsoft itself uses these functions to store credentials for the POP3/IMAP4/SMTP accounts in Outlook.