Africa’s leading tech development company, Andela, has shared (via Twitter) some very useful tips for application delivery.
The thread, anchored by one of Andela’s top tech engineers, focuses on practical tips every tech enthusiast will find useful.
https://twitter.com/Andela_Nigeria/status/1120749488455475200
We have carefully curated the Twitter thread for your reading and learning pleasure. Please, find below:
Welcome to another session of #AndelaTechTuesday, a weekly thread of tech tips, lessons, tutorials etc. from some of our Senior Software Engineers.
Our guest for today is @tsmalz, a Senior Technical Team Lead on our internal Engineering team.
@tsmalz is a Senior Engineer with over 9 years of experience; he started as a software engineer before moving into DevOps in 2014. He’s the Platform Team Lead on our internal Engineering team. He claims to love collaborating and solving problems.
Olatunde will be talking about “Useful Tips for Application Delivery” in today’s session of #AndelaTechTuesday.
Follow this thread for the tips.
1. Ensure application secrets are not pushed to the git repository in plain text. You can achieve this by:
– Git “ignoring” any application secrets file and leaving just an example file.
– Setting up git commit hooks to scan for any secrets. Here is a link to an example of a tool that does this: github.com/awslabs/git-secrets
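Both halves of tip 1 can be enforced by one pre-commit hook: keep the real secrets file git-ignored, commit only the example file, and have the hook refuse any staged line that looks like a credential. The script below is an added example, not the git-secrets tool linked above and not Andela code; its rule set is a small constructed starting point (the AKIA prefix is the documented shape of an AWS access key id, the other rules are generic assignment shapes), and the `# allow-secret` marker is an assumed convention for deliberate fixtures.

```python
"""Pre-commit hook that rejects a commit when the staged diff adds a line
that looks like a secret.  Added example, not the git-secrets tool; the
rule set is a constructed starting point a project would extend."""
import re
import subprocess
import sys

# Constructed rules: (name, regex).  The AKIA prefix is the documented
# shape of an AWS access key id; the others are generic assignment shapes.
SECRET_RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private-key-block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----")),
    ("credential-assignment", re.compile(
        r"(?i)\b(?:password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['\"]?[^\s'\"]{8,}")),
]
# Assumed per-line opt-out for deliberate fixtures (e.g. the example secrets
# file the thread recommends keeping); reviewers can grep for it.
ALLOW_MARKER = "# allow-secret"


def scan_diff(diff_text):
    """Return [(path, new_line_no, rule_name)] for added lines matching a rule.

    Only '+' lines are inspected, so removing a secret never trips the hook,
    and line numbers refer to the new version of the file.
    """
    findings = []
    path = None
    line_no = 0
    for line in diff_text.splitlines():
        if line.startswith("--- "):
            continue
        if line.startswith("+++ "):
            path = line[4:].strip()
            path = path[2:] if path.startswith("b/") else path
            continue
        if line.startswith("@@"):
            # "@@ -a,b +c,d @@": the first new-file line in this hunk is c.
            m = re.search(r"\+(\d+)", line)
            line_no = int(m.group(1)) if m else 0
            continue
        if line.startswith("-"):
            continue                      # removed line: has no new-file number
        if line.startswith("+"):
            body = line[1:]
            if ALLOW_MARKER not in body:
                for name, rule in SECRET_RULES:
                    if rule.search(body):
                        findings.append((path, line_no, name))
                        break
        line_no += 1                      # '+' lines and context lines both advance
    return findings


def main():
    # Staged changes only: that is what the commit would actually contain.
    diff = subprocess.run(["git", "diff", "--cached", "--no-color"],
                          capture_output=True, text=True, check=True).stdout
    findings = scan_diff(diff)
    for path, line_no, name in findings:
        print(f"{path}:{line_no}: possible secret ({name})", file=sys.stderr)
    if findings:
        print("commit rejected: move the value out of the repository "
              "or mark a deliberate fixture with '# allow-secret'", file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Install it as `.git/hooks/pre-commit` (executable) or wire it into a pre-commit framework; a non-zero exit aborts the commit. Because the hook only reads added lines, a commit that removes a leaked value passes, and the history rewrite plus secret rotation still has to happen separately.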
2. Set up repository status checks. Here are details on GitHub status checks: help.github.com/en/articles/en…
3. Ensure every entity (engineers, applications, basically anyone accessing the system) has the exact access level required to perform its designated tasks, and ideally every entity in the system should have its own access credentials.
This would help enforce these access levels and reduce the risk of secrets exposure with a controllable blast radius. Basically, just think “least privilege principle”. Useful link: welivesecurity.com/2018/07/02/principle-least-privilege-strategy/
4. Ensure application log levels are implemented correctly and that sensitive data (application secrets and user data) isn’t logged, especially in production.
5. Ensure application logging is done asynchronously (non-blocking).
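Tips 4 and 5 fit in one logging setup: a filter that redacts secrets and user data before a record reaches any handler, a level that drops debug noise before it is queued, and a queue handler so the request thread never blocks on log I/O. The code below is an added example written for this page (not from the thread or Andela); the redaction patterns are constructed, and reading the level from a `LOG_LEVEL` environment variable is an assumption.

```python
"""Added example: redacting, non-blocking logging with the standard library.
Secrets are scrubbed on the caller's thread before the record is enqueued;
a single background thread does the actual writing."""
import io
import logging
import logging.handlers
import os
import queue
import re

# Constructed redaction rules: (pattern, replacement).  Extend per application.
REDACTIONS = [
    (re.compile(r"(?i)\b(password|passwd|secret|token|api[_-]?key)\s*[=:]\s*\S+"), r"\1=[REDACTED]"),
    (re.compile(r"(?i)\bBearer\s+[A-Za-z0-9._~+/=-]+"), "Bearer [REDACTED]"),
    (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "[REDACTED-AWS-KEY]"),
    (re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"), "[REDACTED-EMAIL]"),
]


class RedactingFilter(logging.Filter):
    """Rewrites the fully interpolated message so every downstream handler,
    formatter and log shipper only ever sees the redacted text."""

    def filter(self, record):
        msg = record.getMessage()
        for pattern, replacement in REDACTIONS:
            msg = pattern.sub(replacement, msg)
        record.msg = msg
        record.args = ()          # already interpolated; prevents a second % formatting
        return True


def build_logger(name="app", level=None, stream=None):
    """Return (logger, listener).  Records are enqueued on the caller's thread
    and written by the listener's thread; call listener.stop() at shutdown to
    flush what is still queued.  Assumption: level defaults to $LOG_LEVEL."""
    level = level or os.environ.get("LOG_LEVEL", "INFO")
    q = queue.Queue(-1)                                   # unbounded, so the producer never waits
    sink = logging.StreamHandler(stream)                  # stdout/stderr/file: the slow part
    sink.setFormatter(logging.Formatter("%(asctime)s %(levelname)s %(name)s: %(message)s"))
    listener = logging.handlers.QueueListener(q, sink, respect_handler_level=True)
    listener.start()

    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(level)                                # DEBUG noise is dropped before enqueueing
    producer = logging.handlers.QueueHandler(q)
    producer.addFilter(RedactingFilter())                 # redact on the way in, not on the way out
    logger.addHandler(producer)
    return logger, listener


def demo():
    """Log a line with a secret and user data; return what actually reached the sink."""
    buf = io.StringIO()
    logger, listener = build_logger("demo", level="INFO", stream=buf)
    logger.info("login user=%s password=%s auth=Bearer %s",
                "bob@example.com", "s3cr3t-value", "eyJhbGci.payload.sig")   # constructed values
    logger.debug("below INFO: never enqueued")
    listener.stop()
    return buf.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

Attaching the filter to the `QueueHandler` rather than to the logger matters: logger-level filters do not run for records that arrive through child loggers, whereas a handler filter runs for every record that handler sees. The listener thread also isolates the application from a slow or hung sink, which is exactly what tip 5 is asking for.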
6. Depending on the context, consider introducing changes to applications in incremental chunks, ensuring backward compatibility using feature toggles/gating when required.
Useful link: https://martinfowler.com/articles/feature-toggles.html
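A minimal toggle helper shows what "backward compatible by default" means in practice: an unknown or disabled toggle always selects the existing code path, a kill switch overrides any rollout, and a percentage rollout is computed from a stable hash so a given user does not flip between old and new behaviour on every request. This is an added example written for this page, not code from the thread or from the linked article; the `Toggle` fields, the `new-pricing` toggle and the `compute_price` paths are constructed.

```python
"""Added example: feature toggles with a kill switch, an allow-list and a
stable percentage rollout.  The old code path is always the default."""
import hashlib
from dataclasses import dataclass, field


@dataclass
class Toggle:
    name: str
    enabled: bool = False                          # kill switch: False wins over everything else
    rollout_percent: int = 100                     # share of users on the new path when enabled
    allow_users: set = field(default_factory=set)  # explicit allow-list (e.g. internal testers)


def _bucket(name, user_id):
    """Stable 0..99 bucket; keyed by toggle name so users land in different
    buckets for different features instead of the same 10% seeing every beta."""
    digest = hashlib.sha256(f"{name}:{user_id}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % 100


class FeatureToggles:
    def __init__(self, toggles):
        self._toggles = {t.name: t for t in toggles}

    def is_enabled(self, name, user_id=None):
        """Unknown toggles are OFF, so shipping code before its config is safe."""
        t = self._toggles.get(name)
        if t is None or not t.enabled:
            return False
        if user_id is not None and user_id in t.allow_users:
            return True
        if user_id is None:
            return t.rollout_percent >= 100        # no user context: only a full rollout applies
        return _bucket(name, user_id) < t.rollout_percent


# Constructed call site: the new behaviour is gated, the old one stays the default.
def compute_price(cart_total, toggles, user_id):
    if toggles.is_enabled("new-pricing", user_id):
        return round(cart_total * 0.9, 2)          # new path, rolling out gradually
    return cart_total                              # existing behaviour, unchanged
```

Rolling out by raising `rollout_percent` from 0 to 100 and then deleting the toggle (and the old branch) is the incremental change the tip describes; flipping `enabled` to `False` is the instant rollback path if the new branch misbehaves.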
7. Try to apply changes to application dependencies like application “backing services” and infrastructure in a reproducible fashion.
Consider Infrastructure as Code tools or scripts; make sure the process is reproducible and changes can be tracked, using whatever is practical depending on the context.
8. Application secrets rotation is always nice to have in place.
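What makes rotation "nice to have in place" rather than a scheduled outage is a grace period: a new secret becomes current immediately, while the previous one is still accepted for a bounded time so in-flight tokens and lagging replicas keep working. The key ring below is an added example written for this page (not from the thread); it rotates an HMAC signing secret, with the key id carried in the token, and the `grace_seconds` value and injectable clock are constructed for illustration.

```python
"""Added example: rotating an HMAC signing secret without a hard cut-over.
Tokens carry the id of the key that signed them; a retired key is accepted
only until its grace period ends, then it is purged."""
import hashlib
import hmac
import secrets
import time


class SecretRing:
    def __init__(self, grace_seconds=3600, clock=time.time):
        self._keys = {}          # key id -> (key bytes, retire deadline or None while current)
        self._current = None
        self._counter = 0
        self._grace = grace_seconds
        self._clock = clock      # injectable so rotation can be tested with a fake clock

    def rotate(self, new_key=None):
        """Make a fresh key current; the old current key stays valid for the grace period."""
        if self._current is not None:
            key, _ = self._keys[self._current]
            self._keys[self._current] = (key, self._clock() + self._grace)
        self._counter += 1
        kid = f"k{self._counter}"
        self._keys[kid] = (new_key or secrets.token_bytes(32), None)
        self._current = kid
        self.purge()
        return kid

    def purge(self):
        """Drop retired keys whose grace period has ended."""
        now = self._clock()
        for kid, (_, deadline) in list(self._keys.items()):
            if deadline is not None and deadline <= now:
                del self._keys[kid]

    def sign(self, message: bytes) -> str:
        key, _ = self._keys[self._current]
        mac = hmac.new(key, message, hashlib.sha256).hexdigest()
        return f"{self._current}.{mac}"

    def verify(self, message: bytes, token: str) -> bool:
        kid, _, mac = token.partition(".")
        entry = self._keys.get(kid)
        if entry is None:
            return False                     # unknown or already purged key id
        key, deadline = entry
        if deadline is not None and deadline <= self._clock():
            return False                     # retired key past its grace period
        expected = hmac.new(key, message, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, mac)
```

The same shape applies to database passwords or API keys held by a backing service: introduce the new credential, switch writers to it, and only retire the old one after every consumer has picked up the change. Logging which key id verified a token (never the key itself) tells you when the old key is no longer in use.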
9. Application health-checks go a long way in achieving application resilience.
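Health checks only buy resilience when they are split into a cheap liveness probe (restart the process if it fails) and a readiness probe that exercises dependencies with a timeout, so a hung backing service takes the instance out of rotation instead of hanging the probe and the load balancer with it. The checker below is an added example written for this page, not from the thread; the `database`, `cache` and `queue` checks in `demo()` are constructed stand-ins for real pings.

```python
"""Added example: liveness vs readiness health checks with a per-probe
deadline, so one slow dependency cannot stall the whole check."""
import concurrent.futures
import time


class HealthChecker:
    def __init__(self, timeout_seconds=1.0):
        self._checks = {}                # name -> callable returning truthy, or raising
        self._timeout = timeout_seconds
        self._started = time.monotonic()

    def register(self, name, check):
        self._checks[name] = check

    def liveness(self):
        """Dependency-free: an orchestrator restarts the process when this fails."""
        return {"status": "ok", "uptime_seconds": round(time.monotonic() - self._started, 3)}

    def readiness(self):
        """Run all dependency checks concurrently against one deadline.  Returns
        (body, http_status); 503 pulls the instance out of rotation without restarting it."""
        results = {}
        pool = concurrent.futures.ThreadPoolExecutor(max_workers=max(1, len(self._checks)))
        futures = {name: pool.submit(check) for name, check in self._checks.items()}
        deadline = time.monotonic() + self._timeout
        for name, fut in futures.items():
            try:
                ok = bool(fut.result(timeout=max(0.0, deadline - time.monotonic())))
                results[name] = "ok" if ok else "failed"
            except concurrent.futures.TimeoutError:
                results[name] = "timeout"
            except Exception as exc:     # a dependency error must not crash the probe
                results[name] = f"error: {type(exc).__name__}"
        pool.shutdown(wait=False)        # never wait for a hung check; it ends in the background
        healthy = all(v == "ok" for v in results.values())
        body = {"status": "ok" if healthy else "unavailable", "checks": results}
        return body, (200 if healthy else 503)


# Constructed dependency checks for the demo.
def _cache_ping():
    raise ConnectionError("connection refused")


def _queue_ping():
    time.sleep(2)                        # simulates a hung broker
    return True


def demo():
    hc = HealthChecker(timeout_seconds=0.2)
    hc.register("database", lambda: True)
    hc.register("cache", _cache_ping)
    hc.register("queue", _queue_ping)
    return hc.readiness()


if __name__ == "__main__":
    print(demo())
```

Serve `liveness()` and `readiness()` on separate paths; the readiness body names the failing dependency, which is what an on-call engineer wants in the alert, while the status code is all the load balancer needs. Keep the checks read-only and cheap, since they run every few seconds on every instance.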
We are hiring Software Engineers across all experience levels, come join our amazing team of world-class engineers, take the first step by applying here: bit.ly/2Ro9wM6