Create a base lab environment in GCP for running GitLab, Vault and Open Policy Agent, for testing and learning policy-as-code enabled shift-left security in pipelines.
- Initial lab environment with GitLab and Vault in GCP
- OPA-evaluated Terraform plans
- Helm charts deployed from Terraform and validated by policy
- Only allowlisted charts permitted by policy
- Deny Google Cloud IAM changes
- Weighted values per change, so a plan is scored by risk rather than denied per resource
- Deny enabling of service APIs unless they are allowlisted
- Integrate the Vault secret store into Kubernetes
- Manage Vault users via Terraform
- Migrate Terraform code to modules
- Open Policy Agent validates Terraform plans, Vault policy and Helm deployments based on the Rego policy files in `policy/`
- Snyk provides security scanning, secret scanning, policy-as-code tests, CVE scanning, licence checks, dependency/version management, and code scanning
- Terraform Cloud is our GitOps workflow for managing deployments of IaC and applications via Helm charts
- GKE is our Kubernetes platform of choice.
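The following Rego policy is an added example of the checks listed above (IAM denial, chart allowlist, service API allowlist and a weighted risk score); it is not taken from this repository's `policy/` directory. It assumes the input is the JSON produced by `terraform show -json` for a saved plan, the `import rego.v1` syntax (OPA 0.59 or newer), and the allowlists and weights shown are made-up values for illustration.

```rego
package terraform.lab

import rego.v1

# Constructed allowlists for this example; replace with the lab's real values.
allowed_charts := {"ingress-nginx", "vault", "gitlab"}
allowed_apis := {
    "container.googleapis.com",
    "compute.googleapis.com",
    "secretmanager.googleapis.com",
}

# Assumed risk weights per resource type and plan action.
# Any type/action pair not listed here costs 1.
risk_weight := {
    "google_container_cluster": {"create": 5, "update": 3, "delete": 10},
    "google_project_service": {"create": 2, "update": 2, "delete": 5},
    "helm_release": {"create": 2, "update": 2, "delete": 4},
}

max_risk := 10

# Resource changes from `terraform show -json tfplan`, excluding no-ops and reads.
changes contains rc if {
    some rc in input.resource_changes
    some action in rc.change.actions
    action != "no-op"
    action != "read"
}

# 1. Deny any change to Google Cloud IAM resources
#    (google_project_iam_member, google_service_account_iam_binding, ...).
deny contains msg if {
    some rc in changes
    startswith(rc.type, "google_")
    contains(rc.type, "_iam_")
    msg := sprintf("IAM change not allowed: %s (%s)", [rc.address, concat(",", rc.change.actions)])
}

# 2. Helm releases may only deploy allowlisted charts.
#    On destroy, change.after is null, so this rule does not fire.
deny contains msg if {
    some rc in changes
    rc.type == "helm_release"
    chart := rc.change.after.chart
    not chart in allowed_charts
    msg := sprintf("chart %q in %s is not allowlisted", [chart, rc.address])
}

# 3. Service APIs may only be enabled if allowlisted.
deny contains msg if {
    some rc in changes
    rc.type == "google_project_service"
    svc := rc.change.after.service
    not svc in allowed_apis
    msg := sprintf("service API %q in %s is not allowlisted", [svc, rc.address])
}

# 4. Weighted risk score for the whole plan; a replace counts both
#    its delete and its create.
risk_score := sum([w |
    some rc in changes
    some action in rc.change.actions
    action != "no-op"
    w := object.get(risk_weight, [rc.type, action], 1)
])

deny contains msg if {
    risk_score > max_risk
    msg := sprintf("plan risk score %d exceeds limit %d", [risk_score, max_risk])
}

default allow := false

allow if count(deny) == 0
```

To run it against a plan in the pipeline: `terraform plan -out tfplan`, then `terraform show -json tfplan > plan.json`, then `opa eval -i plan.json -d policy/ 'data.terraform.lab.deny'`; a non-empty result set is the list of violations to fail the job on. Keeping IAM changes as hard denies while scoring everything else by weight lets low-risk changes through unattended and reserves review for plans that cross the `max_risk` threshold.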
Some services need to be set up beforehand, and their credentials must then be passed in as Terraform variables:
| Name | Description |
|---|---|
| _SNYK_API_KEY | (string) Snyk Enterprise API key |
| _INFRACOST_API_KEY | (string) Infracost API key |
