DEMO: secrets-nats-kv backend CLI, wash secret, wash keys gen curve
As always, it's difficult to capture the goodness of this demo in notes and so please check out the recording below.
We are working towards releasing all this new functionality in 1.1.
You may have noticed we're working on Secrets support in wasmCloud and may have seen a recent example in main under example/security/secrets.
Uses a provider that authenticates with Redis and uses the wasmCloud functionality to apply this to a component.
Today, we're walking through a new version of this example that depends on a couple of unreleased tools (wash latest etc) but it's important to note these are all standard binary examples.
What this shows is how wasmCloud supports storing encrypted Secrets in a NATS bucket.
This is important as for many of the larger organizations looking at adopting Wasm Secrets support is essential.
Watch the demo below for all the details and the wider discussion, and follow along in the README.
Side note: Will this be WASI-Secrets - we hope so!
Thank you to the wider Wasm community and wasmCloud maintainers for the work dedicated to this important update.
Sub-command in wash
Wadm Support for secrets
DISCUSSION: Secrets support in Golang provider SDK
Continuing the Secrets theme, we're excited to show how we've added Secrets support in our Golang provider SDK.
As part of the updates in the main wasmCloud repo we needed to update the capability provider in Rust to support Secrets.
Backwards compatible- work with newer versions of the host and only the Secrets fields are encrypted.
Tl;Dr bringing providers that doesn't know about Secrets be no issue (as long we you don't try to give it a Secret).
Capability Providers in Rust will be updated to support Secrets - Postgres (connection string/password). Moving to remove plain text.
The Golang provider also needed to be updated too to support Secrets. This just landed earlier today!
The Golang Provider SDK now supports the same features as the Rust Provider SDK.
Secrets are passed to the provider encrypted using a key that only the host knows about.
In Go the use of Secrets is simple: update and integrate.
Take look at the demo to see how this looks. Couchbase Support in WasmCloud is tied to this. Check out how these two elements tie together in the recording.
There has been a lot of discussion on the interface and functionality in the WebAssembly repo. Take a look for the update and discussion.
Colin: Use case: how do we handle latency if we continue to handle processing within the component?
Edge is the obvious use case. Reducing network traffic: if we receive a request we want to send a response immediately. If there is additional processing will delay the response. If linked to HTTP, can we set responses? Possible trade off.
Watch the recording for the full discussion.
Brooks, do we want to add something here? I am not sure what we concluded.
We noticed that it's hard to look at wasmCloud as a project and find out what is available to use!
Voila! This Capability Catalog talks at a very high level about the capabilities (WIT worlds) that are available and the capability providers (inc. Couchbase provider) that are freely accessible.
User Livestream: Wednesday 14th August, we're super excited to announce long-time friend and Adobe's Principal Engineer Colin Murphy, will be joined by Akamai's Frank Paolino on Cloud Native Live to look at how Wasm Components can run across any cloud, any K8s, or any edge with CNCF wasmCloud. This is such an exciting industry collaboration with wasmCloud, don't miss it! RSVP and watch on the CNCF page. Watch on YouTube.
Open Observability Talks podcast: Taylor joined Dotan Horovitz to discuss all things WebAssembly, and how it is the next frontier in the evolution of cloud native computing. This was a great session - recommended listening.
ShipIt!: Bailey and Taylor joined the good folks over at Changelog's ShipIt! podcast to discuss WebAssembly Standard Interfaces (WASI), trade-offs for portable interfaces and why WebAssembly is the Kubernetes of Lambda.
Cloud Native Live: all things Wasm and Kubernetes. Dan Norris and Taylor Thomas's stream: "Advanced Kubernetes Integrations with wasmCloud" looked at some advanced extension points work, using the wasmCloud operator as the backdrop. Watch to find out how we integrated Wasm into Kubernetes using Rust and extension points like Endpoint Slices, API aggregation and more!
On Cloud Native Live, Taylor joined Synadia's Jeremy Saenz to discuss the benefits of building a distributed Wasm-native reconciliation loop with NATS JetStream. Watch to learn about key-value buckets, streams and work queues, how they work and why they matter. 12 midday ET.
Bailey recently joined Dan Lorenc at Chainguard to discuss all things Wasm, Kubernetes, distroless compute models and more. Tune in for this step-by-step exploration of Wasm.
The CNCF and Bytecode Alliance came together on CNCF Cloud Native Live for an interesting discussion on WASI 0.2 the Component Model..and the role of the BA in driving forward Wasm standards and tooling.
Check out the Arm Developer Podcast where Bailey and Liam discussed the intersection of Wasm and GPU technologies.
Listen in to a recent WasmEdge community meeting where Bailey Hayes talks all things WASI 0.2 and we hear from the students of the University of Tokyo on some cool new projects.
Bailey was a guest on a recent Rancher Live podcast with Divya Mohan. Tune in for a deep dive into WASI 0.2!