r/devops

Built a self-hosted expiration monitoring tool for certificates, secrets, API keys, and licenses
▲ 21 r/devops+1 crossposts

I’ve been working on a self-hosted tool called TokenTimer to solve a problem I kept seeing in ops/security environments: expired certificates, forgotten secrets, rotated API keys, and unclear renewal ownership causing avoidable incidents.

The idea is simple: provide one place to track expiring assets across providers and environments, instead of relying on a mix of provider dashboards, calendar reminders, and custom scripts.

Current features include:

  • auto-import / auto-sync from Vault, AWS, Azure, GCP, GitHub, and GitLab
  • multi-channel alerting
  • HTTPS endpoint monitoring with SSL expiry detection
  • multi-workspace RBAC and audit logging
  • self-hosted deployment with Docker Compose or Helm

I’m sharing it here mainly to get feedback from people who actually run infrastructure in production.

A few things I’d love input on:

  • How are you currently tracking expirations across teams and providers?
  • Which integrations would be must-haves in your environment?
  • Would you rather centralize this in one tool, or keep it inside existing platforms?

The core version is source-available with internal usage allowed so you are free to use it (the license just prohibits commercial usage).

Repo: https://github.com/tokentimerch/tokentimer-core
Website: https://tokentimer.ch

u/smartguy_x — 2 hours ago
7 hidden tech-debts of agentic engineering
🔥 Hot ▲ 81 r/devops+1 crossposts

I see so many cool demos of agents writing code, deploying stuff, resolving incidents. Every week there's a new one that looks incredible.

Then I talk to the eng orgs actually trying to do this at scale and it's a completely different story. The AI part works fine. What breaks is everything around it.

I wrote up 7 specific debts I keep seeing that block orgs from going beyond the demo phase.

Disclaimer: I'm the CEO of port.io so take that into account. This comes from my newsletter and what I see talking to eng teams every week.

newsletter.port.io
u/zohar275 — 12 hours ago
🔥 Hot ▲ 117 r/devops

<Generic 'I built this to do some problem that doesn't actually exist' >

<Totally not AI generated problem statement that actually just exposes that OP has 0 clue about how anything works>

<GitHub link 80% of the time. Usually created 1 or 2 days ago. Completely out of whack when compared to OP's other public repo code which are usually named ~"python||typescript testing". Only shows OP as contributor cause they make the repo with AI first then delete and copy/paste/push >

<Generic asking for feedback section and statement that there is a paid version but you don't need to use it at first>

All credit to /u/Arucious for this one lmao

u/JodyBro — 23 hours ago
▲ 9 r/devops+1 crossposts

What's a good Kubernetes Ingress Architecture on Azure?

If you could start on a green field, which ingress architecture would you go with? Here are a few constraints:

  • Single region deployment
  • No legacy Ingress API
  • Preferably WAF builtin

Here are some options I considered so far:

  • Option 1: Azure Application Gateway for Containers
  • Option 2: Envoy Gateway
  • Option 3: Traefik

Azure Application Gateway for Containers is a new offering from Azure that uses Gateway API. Would be interesting to hear any experience from people who are actually running it in production.

If you have any good references/comparisons, would be curious to read them.

u/jsattler_ — 3 days ago
▲ 0 r/devops

Openclaw agent for devs to create new apps on EKS

Bear with me here. I'm thinking about having an openclaw agent that devs can interact with when they want to add a new app on our EKS cluster. For now it would be for the nonprod cluster only.

Say they can interact with the agent through Slack. They tell the agent about what their app will need. Like open port 8080, make a PVC, make a ConfigMap with those values. Then the agent creates the new app from a Helm template and would also create the CI/CD pipeline from a template. The agent could open a Jira ticket a PR for us to review before applying the change. It could also document the app in Confluence. I don't see why this would not work. And we make sure the agent only has limited credentials and network accesses.

When we want to deploy the app on the prod cluster we could do it ourselves for now.

u/Vonderchicken — 5 hours ago
▲ 0 r/devops

Is Ansible still a thing nowadays?

I see that it isn't very popular these days. I'm wondering what's the "meta" of automation platforms/tools nowadays that's worth checking out?

u/hansinomc — 19 hours ago