Skip to content

TechnologyΒΆ

Use 1Password CLI for Local Development

If your local development workflow still depends on .env files full of live credentials, you are not doing configuration management, you are just normalizing secret sprawl. The 1Password CLI, op, gives you a better model: keep secrets in a vault, inject them into a child process only when needed, and let your terminal stay fast without turning your laptop into a plaintext key dump.

This post is intentionally about local development only. No CI runners, no GitHub Actions, no Kubernetes side quests. Just a developer workstation, a terminal, and a sane way to run Python, Go, PowerShell, Zsh, and Bash without leaving credentials all over the filesystem.

Recorded Demos

The command and language examples in this post are backed by VHS tapes and a deterministic local demo harness with fake secret values.

That keeps the demos rerenderable without exposing credentials for these examples.

After MkDocs 1.x: Fragmentation, Risk, and What Comes Next

For more than a decade, MkDocs, especially when paired with Material for MkDocs, became the default answer for engineering documentation. It was simple enough for technical writers, familiar to Python-centric platform teams, and polished enough that most organizations never needed to build a documentation frontend of their own. That consensus has now fractured. As of 2026, teams still running MkDocs 1.x are no longer just choosing a mature stack, they're accepting a growing maintenance, compatibility, and software supply chain risk.

MkDocs earned its position because it solved the right problem at the right level of complexity. It gave teams a straightforward content model, a single configuration file, a Python packaging story that fit naturally into existing developer environments, and a clean separation between content, theme, and deployment. Material for MkDocs then raised the ceiling dramatically. Search, dark mode, responsive navigation, blog support, admonitions, tabs, code annotations, and a broad plugin ecosystem turned what began as a documentation generator into a complete publishing stack.

For engineering organizations, that combination was unusually efficient:

  • Technical writers could stay in Markdown.
  • Engineers could treat docs like any other Git-based project.
  • Platform teams could build and deploy sites with the same CI pipelines used elsewhere.
  • Open-source programs could publish polished public documentation without standing up a custom app.

In practice, MkDocs plus Material became the reference architecture for documentation in many Python-centric and infrastructure-heavy teams. It wasn't the only option, but it was often the least controversial one.

A Quick HAProxy Load Balancer for VMware Cloud Foundation Operations

When I need to stand up a quick load balancer for VMware Cloud Foundation Operations in the lab, I don't want to rebuild the same HAProxy configuration by hand every time. I just want a small Debian or Ubuntu VM, a VIP on the right VLAN, a backend pool of appliance nodes, and a fast path to getting the service online.

This helper script is what I use for that job. It prompts for the virtual IP, netmask, redirect FQDN, and backend node IPs, then wires up the network interface, installs HAProxy, generates a fresh configuration, and restarts the required services. It is intentionally opinionated, which is exactly why it's useful in a home lab.

Maintain Formatting of Embedded Terraform Provider Examples with terrafmt

When a Terraform provider repository ships Markdown documentation full of example configuration, those snippets are part of the product. If they drift out of style, or worse, stop parsing as valid HCL, users feel it immediately. terrafmt is a small tool that helps keep embedded Terraform examples formatted and syntactically correct in both local workflows and CI.

terrafmt scans files for embedded Terraform configuration, extracts the matching blocks, parses the HCL, formats it, and then either shows the diff or rewrites the file in place. It recognizes embedded configuration in a few very practical forms:

  • Markdown documentation files with fenced hcl, terraform, or tf blocks
  • Go source files that return raw strings
  • Go source files that build examples with fmt.Sprintf(...)

In other words, terrafmt is a bridge between "this is documentation" and "this is still code."

Field Dispatch: Increase the ESX Certificate Key Size in VMware Cloud Foundation 9.0

Effected Versions

  • VMware Cloud Foundation 9.0.x.x

In VMware Cloud Foundation 9, the certificate workflow in VMware Cloud Foundation Operations ("VCF Operations") can make ESX certificate replacement look more constrained than it is.

When generating a CSR for an ESX host, the interface may show 2048 as the only RSA key size available. In an environment where server certificates must use 3072 or 4096 bit keys, that can look like a mismatch between the platform and the security baseline.

The important detail is where the CSR gets its key size. For ESX hosts, CSR generation can use the host's advanced certificate key size setting, even when VCF Operations only displays 2048.

So the question is not only what the dialog shows. It is what the ESX host is configured to use when the CSR is created.

Linux Commands Reference: Essential CLI Categories for Daily Work

The Linux command line is one of those skills that keeps compounding. Once you can inspect a system, trace a process, move data safely, and answer your own questions from a shell prompt, you stop waiting on GUIs and start working at the speed of the machine. This reference gathers 15 essential command categories into one practical page you can keep nearby, whether you are building confidence or sharpening the habits that make day-to-day operations smoother.

This is not meant to be a memorize-everything-in-one-sitting tutorial. It is a working reference positioned between beginner comfort and intermediate fluency, with a handful of deeper operational workflows where extra context matters most.

Note

This edition is intentionally modern. Unless a command is called out as package-dependent, it is chosen to align with current Debian/Ubuntu and RHEL/Fedora-family releases. Where the distro families differ meaningfully, both patterns are noted directly in the content.

Inside My VS Code Setup: Theme, Extensions, and Settings

VS Code

If you spend hours a day in your editor, your setup stops being a cosmetic preference and starts becoming part of how you think. Mine has evolved into a very opinionated VS Code environment tuned for the work I do most often: Go, Python, PowerShell, Ansible, Terraform, Markdown, YAML, JSON, and a steady stream of GitHub-driven automation.

Earlier this month, I wrote about why I use JetBrains GoLand and PyCharm over VS Code for some language-specific work. That's still true. But VS Code remains one of the most useful tools on my machine because it is fast, flexible, and easy to shape around the task in front of me.

This post is a tour of the setup I keep coming back to, the one that feels like home every time I open VS Code.

How to Write Effective GitHub Issue Templates

A pull request template improves the quality of proposed changes, but it only helps after someone has already made it to the solution stage. GitHub issue forms solve the earlier problem: they shape the information you collect when someone reports a bug, asks for an enhancement, or suggests a documentation fix. In that sense, they're the natural companion to a pull request template, and for many repositories they do even more to reduce maintainer back-and-forth.

While my previous post, How to Write an Effective GitHub Pull Request Template, was about improving review, this post is about improving intake.

  • Pull request templates help contributors explain a proposed change.
  • Issue template help contributors explain a problem, an idea, or a gap before any code has been written.

That distinction matters, because most maintainer time is lost much earlier in the process: missing reproduction steps, missing environment details, vague enhancement requests, and documentation issues with no concrete suggestion.

How to Write an Effective Security Policy for GitHub Repositories

A repository security policy is one of those documents that people often add because GitHub expects it, not because they have thought through what it needs to do. That is how you end up with policies that say little more than "email us if you find a problem" or, worse, tell researchers to open a public issue for a vulnerability report. An effective security policy is not a box-checking exercise. It is an operational document: it tells security researchers how to contact you safely, tells users which versions you still support, and tells everyone what kind of response process they can reasonably expect.

This post walks through how to write a security policy that is actually useful on GitHub: what sections it needs, how specific to be, which mistakes to avoid, and a practical SECURITY.md template you can adapt for your own repositories. The goal is not just to help you publish the file, but to help you publish one that will still read as clear, credible, and operational when someone actually needs it.

Useful beyond GitHub, too!

Although this post focuses on GitHub, most of the guidance applies equally well to GitLab and other source hosting platforms. The platform-specific details, such as where the policy is surfaced and how private vulnerability reporting works, may differ, but the core job of a security policy stays the same: define a private reporting path, set expectations, and make support boundaries clear.

How to Write an Effective Code of Conduct for GitHub Repositories

A GitHub repository does not become a healthy community just because the code is useful. The moment other people begin opening issues, commenting on pull requests, or submitting patches, you have a social space to maintain as well as a technical one. A code of conduct is the document that defines what kind of community you are trying to build, what behavior is expected, and what happens when those expectations are ignored.

The best code of conduct files are not there for optics. They are there to reduce ambiguity. They tell contributors what respectful participation looks like, give maintainers a clear basis for moderation, and provide a reporting path when something goes wrong. Done well, they make a project safer, more predictable, and easier to contribute to.