AI Tool Gateways: Sandboxing Agent Access in Kubernetes
AI agents have unlimited ambition and undefined access boundaries. You have sandboxed everything else. Here is how to sandbox your agents too.
9 min
2026-06-15
Network Control with Cilium and Kyverno: Policies That Actually Work
Network policies in most Kubernetes clusters are cargo cult. Teams write them, Kubernetes accepts them, and nothing changes. Cilium actually enforces them — and shows you the traffic.
8 min
2026-06-13
Keyless GCP Secrets in GitHub Actions: Workload Identity, Scoped to One Secret
Drop the service-account JSON key. Federate GitHub Actions into GCP with OIDC, then scope the service account to read one named secret — not the whole project.
9 min
2026-03-24
The M5 Pro Setup: Same Mac, Different Era
Why 48GB changes a Mac from coding laptop into an AI workstation for local models, parallel agents, and platform engineering.
12 min
2026-03-22
Git Commit Signing with GPG on macOS
A practical GPG commit signing setup on macOS, with GitHub verification, pinentry-mac, GPG_TTY, and the parts that usually break.
6 min
2026-03-22
SSH Git Commit Signing for Busy Engineers
A clean SSH commit signing setup on macOS, with separate auth and signing keys, local verification, and none of the usual GPG hassle.
8 min
2026-03-01
Authentication 101: A Complete Guide to Modern Identity Methods
Authentication gets easier when you separate login, delegated access, SSO, and workload identity. This guide shows where each one fits.
22 min
2025-09-10
GKE to AWS Identity Federation: A Guide to Keyless Access
Run workloads on GKE and access AWS without static keys. This guide shows how to federate a Kubernetes service account into an AWS IAM role.
7 min