#!/bin/sh
#
# pre-push hook: refuse to push if any commit being pushed is unsigned.
# A commit is considered unsigned when git's %G? placeholder reports 'N'.
# All-zeros OID of the correct length for this repo's hash algorithm.
zero=$(git hash-object --stdin </dev/null | tr '0-9a-f' '0')
unsigned=""
name reviewing-infracode
description Use when the user asks to "review this branch / PR / diff" and the changes touch infrastructure-as-code — Terraform, CloudFormation, mise tasks, observability configs (Prometheus, YACE, Grafana), or anything under `infra/`. Focuses on maintainability, readability, similarity to sibling stacks, and the quiet-but-expensive Terraform pitfalls that don't show up in `plan`.

Reviewing Infracode

When to use

The user asks for a review of a branch, PR, or diff, AND the changes are infrastructure-as-code: Terraform (*.tf), CloudFormation (*.yaml/*.yml under infra/), mise task definitions (mise*.toml), observability configs (prometheus.yml, yace.yml, alert rules, dashboards), or anything else under an infra/ tree.

{
  "commands": [
    {
      "name": "completion",
      "description": "Generate the autocompletion script for the specified shell"
    },
    {
      "name": "controls",
      "description": "Fetch controls",
      "flags": [
type Users struct {
    id uuid
    email string `cs:indexes:["free_text_search","equality","order_and_range"]`
}
type Photos struct {
    id uuid
    created_at time.Time `cs:indexes:["equality","order_and_range"]`
}
#!/bin/sh
#
# ## Setup
#
# Install hueadm:
#
# ```bash
# npm install -g hueadm
# ```
#

Searching the unsearchable: how we made encrypted JSON searchable

Speaker: Lindsay Holmwood

When protecting sensitive data in our apps, everyone uses the same tried-and-true approach: build layers of controls around that data. But there is always a constraint: sensitive data must be stored in plaintext. What if we could encrypt it and perform range, match, and unique queries without ever decrypting it?

In this talk you will learn:

#EXTM3U
#EXTVLCOPT:http-referrer=https://www.surfline.com/
#EXTVLCOPT:http-user-agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/117.0
https://hls.cdn-surfline.com/east-au/au-umina/playlist.m3u8

Title

Protecting sensitive data in DynamoDB with searchable encryption

Description

As architects, data security is a non-negotiable attribute of our solution designs. The traditional go-to technique to protect data is to build layers of controls around sensitive data. But there is always a constraint: sensitive data must be stored in plaintext. Why don’t we encrypt it? Because we can’t use it.

But what if we could encrypt it and perform range, match, and unique queries without ever decrypting it? This would allow us to exceed the design principles of the Security Pillar and protect data in transit, at rest, and in-use.

require "dotiw"
include DOTIW::Methods
availability = 0.999 # three nines
# days per year
# | hours per day
# | | minutes per hour
# | | | seconds per minute
AWSTemplateFormatVersion: '2010-09-09'
Description: Deploy CipherStash Proxy to ECS Fargate
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  SecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id