Encrypt your files with Ansible Vault

So, in the previous blog post I gave you a brief description of Ansible roles. In this post I am going to discuss another very important topic: Ansible Vault.

Why do we need encryption?

We write our Ansible playbooks, Jinja templates and other files in normal unencrypted format, but we can’t keep crucial information such as passwords in unencrypted format, so that’s why we need encryption.

How can we encrypt?

Just like we use ansible-playbook to run our Ansible playbooks, we have a command called ansible-vault to do our encryption and decryption work. Here are some important and useful commands –

  • we use ansible-vault create a_file to create an encrypted file
$ ansible-vault create a_file
New Vault password: 
Confirm New Vault password:
  • we use ansible-vault encrypt a_existing_file to encrypt an existing file
$ ansible-vault encrypt a_existing_file 
New Vault password: 
Confirm New Vault password: 
Encryption successful
  • we use ansible-vault view a_file to view the encrypted file
$ ansible-vault view a_file 
Vault password: 
You are reading Aniruddha's Blog ;)
  • we use ansible-vault decrypt a_file to decrypt any encrypted file
$ ansible-vault decrypt a_file 
Vault password: 
Decryption successful

What is a vault ID?

A vault ID is an identifier for one or more vault secrets. To use vault IDs, you must provide an ID of your choosing and a source to obtain its password (either prompt or a file path). We use --vault-id to provide the ID. Here are some examples –

  • We encrypt a file with ID
$ ansible-vault encrypt --vault-id id1@prompt a_file 
New vault password (id1): 
Confirm vew vault password (id1): 
Encryption successful
  • we view a file with ID
$ ansible-vault view --vault-id id1@prompt a_file 
Vault password (id1): 
You are reading Aniruddha's Blog ;)
  • we decrypt a file with ID
$ ansible-vault decrypt --vault-id id1@prompt a_file 
Vault password (id1): 
Decryption successful
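
An added example (not from the original post): a small Python check that a file really is vault-encrypted and carries the expected vault ID, by reading the header line that ansible-vault writes at the top of an encrypted file. The file names, sample contents and the helper names vault_header and audit are constructed for illustration.

```python
import re

# First line of a vault-encrypted file:
#   $ANSIBLE_VAULT;<format>;<cipher>[;<vault-id>]
# Format 1.2 is written when a vault ID is given; 1.1 has no ID field.
HEADER = re.compile(r"^\$ANSIBLE_VAULT;(1\.[12]);([A-Z0-9]+)(?:;(\S+))?$")
HEX_BODY = re.compile(r"^[0-9a-f]+$")


def vault_header(text):
    """Return (format, cipher, vault_id) for vault-encrypted text, else None."""
    lines = text.splitlines()
    if not lines:
        return None
    match = HEADER.match(lines[0].strip())
    if match is None:
        return None
    # The payload after the header is hex text wrapped over several lines.
    body = "".join(line.strip() for line in lines[1:])
    if not HEX_BODY.match(body):
        return None
    return match.group(1), match.group(2), match.group(3)


def audit(files, expected_id=None):
    """files maps a name to its content; return a sorted list of (name, finding)."""
    findings = []
    for name in sorted(files):
        header = vault_header(files[name])
        if header is None:
            findings.append((name, "not-encrypted"))
        elif expected_id is not None and header[2] != expected_id:
            findings.append((name, "wrong-vault-id"))
    return findings


# Constructed sample contents (the hex payloads are not real ciphertext).
SAMPLES = {
    "secrets_id1.yml": "$ANSIBLE_VAULT;1.2;AES256;id1\n3061386265663132\n6439663033613762\n",
    "secrets_noid.yml": "$ANSIBLE_VAULT;1.1;AES256\n6162636465663031\n",
    "plain.yml": "db_password: example-value\n",
}

if __name__ == "__main__":
    for name, finding in audit(SAMPLES, expected_id="id1"):
        print("%s: %s" % (name, finding))
```

Run over the files that are supposed to hold secrets (for example in a pre-commit hook), it flags anything that would be committed in plain text or under a different vault ID.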

Thank you 🙂


Representational State Transfer (REST) is an architectural style that defines a set of constraints to be used for creating web services. A client requests some data from the server and the server returns the data (resource). There are 6 constraints –

  1. Uniform Interface – It is a key constraint that differentiates a REST API from a non-REST API. It suggests that there should be a uniform way of interacting with a given server irrespective of device or type of application (website, mobile app).
  2. Stateless – The server will not store anything about the latest HTTP request the client made. It will treat every request as new.
  3. Cacheable – Every response should include whether the response is cacheable or not and for how much duration responses can be cached at the client side.
    • Caching – Caching is the ability to store copies of frequently accessed data in several places along the request-response path. When a consumer requests a resource representation, the request goes through a cache or a series of caches (local cache, proxy cache, or reverse proxy) toward the service hosting the resource. If any of the caches along the request path has a fresh copy of the requested representation, it uses that copy to satisfy the request. If none of the caches can satisfy the request, the request travels all the way to the service (or origin server as it is formally known).
  4. Client-Server – A client is someone who requests resources and is not concerned with data storage, which remains internal to each server, and a server is someone who holds the resources and is not concerned with the user interface or user state.
  5. Layered system – REST allows you to use a layered system architecture where you deploy the APIs on server A, and store data on server B and authenticate requests in Server C.
  6. Code on demand (optional) – servers can also provide executable code to the client. The examples of code on demand may include the compiled components such as Java applets and client-side scripts such as JavaScript.

REST Resource naming guide

We can divide resource archetypes into four categories.

  • Document – A document resource is a singular concept that is akin to an object instance or database record.
    Use “singular” name to denote document resource archetype.
  • Collection – A collection resource is a server-managed directory of resources. Clients may propose new resources to be added to a collection.
    Use “plural” name to denote collection resource archetype.
  • Store – A store is a client-managed resource repository. A store resource lets an API client put resources in, get them back out, and decide when to delete them. A store never generates new URIs.
    Use “plural” name to denote store resource archetype.
  • Controller – A controller resource models a procedural concept. Controller resources are like executable functions, with parameters and return values; inputs and outputs.
    Use “verb” to denote controller archetype.

Best practices & rules

There are some best practices and rules which will be very useful. 

  • Use (/) to indicate hierarchical relationships.
  • Do not use trailing forward slash (/).
http://api.example.com/device-management/managed-devices 	/*This is much better version*/
  • Use hyphens (-) instead of underscores (_).
http://api.example.com/inventory-management/managed-entities/{id}/install-script-location  //More readable
http://api.example.com/inventory-management/managedEntities/{id}/installScriptLocation  //Less readable

  • Do not use underscores (_).

http://api.example.com/inventory-management/managed-entities/{id}/install-script-location  //More readable
http://api.example.com/inventory_management/managed_entities/{id}/install_script_location  //More error prone
  • Use lower case letters in URI.
http://api.example.org/my-folder/my-doc  //1
HTTP://API.EXAMPLE.ORG/my-folder/my-doc  //2
http://api.example.org/My-Folder/my-doc  //3
  • Don’t use file extensions.
http://api.example.com/device-management/managed-devices.xml  /*Do not use it*/
http://api.example.com/device-management/managed-devices 	/*This is correct URI*/


The REST architectural style lets you use hypermedia links in the response contents so that the client can dynamically navigate to the appropriate resource by traversing the hypermedia links. This is conceptually the same as a web user browsing through web pages by clicking the relevant hyperlinks to achieve a final goal.
For example, HTTP GET http://api.domain.com/management/departments/10 returns:

{
    "departmentId": 10,
    "departmentName": "Administration",
    "locationId": 1700,
    "managerId": 200,
    "links": [
        {
            "href": "10/employees",
            "rel": "employees",
            "type": "GET"
        }
    ]
}

In the preceding example, the response returned by the server contains hypermedia links to employee resources 10/employees, which can be traversed by the client to read employees belonging to the department.

Idempotent REST API

When making multiple identical requests has the same effect as making a single request, the REST API is called idempotent. Except for POST, everything is idempotent, because POST will create a new resource N times if you invoke it N times.

Best practices to Secure REST API

  • Always use HTTPS.
  • Use password hash.
  • Never expose information on URL.
    Usernames, passwords, session tokens, and API keys should not appear in the URL, as this can be captured in web server logs, which makes them easily exploitable.
https://api.domain.com/user-management/users/{id}/someAction?apiKey=abcd123456789  //Very BAD !!
  • Use OAuth instead of basic auth.
  • Add a timestamp to the request; it will prevent basic replay attacks from people who are trying to brute-force your system.
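
An added example (not from the original post) of the timestamp check in the last item, going one step beyond the text by binding the timestamp to the request with an HMAC so that it cannot simply be rewritten, and by remembering nonces inside the freshness window. The signed-field layout, the shared key, the nonce and the 300-second window are assumptions made for this sketch.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumed freshness window


def sign_request(key, method, path, body, timestamp, nonce):
    """Client side: HMAC-SHA256 over method, path, timestamp, nonce and body hash."""
    message = "\n".join([
        method.upper(),
        path,
        str(timestamp),
        nonce,
        hashlib.sha256(body).hexdigest(),
    ]).encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


class ReplayGuard:
    """Server side: accept a signed request once, and only while it is fresh."""

    def __init__(self, key, max_skew=MAX_SKEW_SECONDS):
        self.key = key
        self.max_skew = max_skew
        self._seen = {}  # nonce -> timestamp of the request that used it

    def verify(self, method, path, body, timestamp, nonce, signature, now=None):
        now = int(time.time()) if now is None else now
        expected = sign_request(self.key, method, path, body, timestamp, nonce)
        # Constant-time comparison; a changed timestamp or body fails here.
        if not hmac.compare_digest(expected, signature):
            return "bad-signature"
        if abs(now - timestamp) > self.max_skew:
            return "stale"
        # Nonces older than the window can be dropped: a request that old
        # would already be rejected as stale.
        self._seen = {n: t for n, t in self._seen.items()
                      if now - t <= self.max_skew}
        if nonce in self._seen:
            return "replayed"
        self._seen[nonce] = timestamp
        return "ok"


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed value, not a real secret
    guard = ReplayGuard(key)
    ts = int(time.time())
    sig = sign_request(key, "POST", "/orders", b'{"item": 1}', ts, "nonce-1")
    print(guard.verify("POST", "/orders", b'{"item": 1}', ts, "nonce-1", sig))
    print(guard.verify("POST", "/orders", b'{"item": 1}', ts, "nonce-1", sig))
```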

Application state vs Resource state

  • Application state : Application state is server-side data which servers store to identify incoming client requests, their previous interaction details, and current context information.
  • Resource state : Resource state is the current state of a resource on a server at any point of time – and it has nothing to do with the interaction between client and server. It is what you get as a response from the server as API response. You refer to it as resource representation.

Advantages of statelessness

  • Statelessness helps in scaling the APIs to millions of concurrent users by deploying it to multiple servers. Any server can handle any request because there is no session related dependency.
  • No server side synchronization.
  • Easy to cache.
  • The server never loses track of “where” each client is in the application because the client sends all necessary information with each request.

Giving my first talk in the Flatcar Community call

Hey there everyone! For the past couple of months I have been learning more about operating systems and Linux. After that I started contributing to Flatcar Linux, and on 10 August I gave my life’s first talk in the Flatcar community call.

What is Flatcar Linux?

Flatcar Container Linux is a container optimized OS that ships a minimal OS image, which includes only the tools needed to run containers. The OS is shipped through an immutable filesystem and includes automatic atomic updates.

What is the community call?

Every month the community organises a Zoom meeting where they discuss news, status updates on their various features and upcoming release plans. Here you can see all the meetings that happened previously with their slides, and also information about the upcoming calls. There is also a spotlight section, where I shared my experience of my first Flatcar contribution and how I started my journey.

What did I do in my first contribution?

I actually worked on a project called locksmith. locksmith is a reboot manager for the Flatcar update engine which is able to use etcd to ensure that only a subset of a cluster of machines is rebooting at any given time. locksmithd runs as a daemon on Flatcar hosts and is responsible for controlling the reboot behaviour after updates.

I worked on an issue that was based on a semaphore. The issue was mainly that if no semaphore was acquired before, locksmithd would reboot outside of the reboot window after an update. The expected behaviour was –

  • Try to get the semaphore in an infinite loop.
  • If it fails but is still in the reboot window, then sleep for a certain interval.
  • If it fails but is not in the reboot window, then sleep until the next window.
  • If it succeeds, then reboot.

How was my experience?

As it was my first talk I was a bit nervous about it. But I finally gathered the courage and gave the talk. After the talk I watched it later and found that the introduction part could have been improved a little bit.


Here is the YouTube recording.
Here are the slides that I presented.

Create shared directory in Linux

Sometimes we work in a group and multiple users need to access a specific directory or file. In Linux we can get this functionality very easily.

Create a common group and directory

We use the groupadd command in Linux for creating a group. Let’s execute the commands below to create a directory and a group named shared.

$ mkdir /home/Desktop/shared_directory

$ sudo groupadd shared

Add existing user to the group

We use the usermod command to modify a user account in Linux. Let’s execute the command below to add our existing user aniruddha to the group shared.

$ sudo usermod -a -G shared aniruddha 

Set appropriate permission on the directory

By default Linux sets the group of a newly created directory or file to the group of the user who created it. But we have to set the group of the directory to shared so that all users in the shared group can access the directory. We also have to set the setGID bit so that newly created files or directories inside shared_directory have the same group as the parent directory.

$ sudo chgrp -R shared /home/Desktop/shared_directory

$ sudo chmod -R 2775 /home/Desktop/shared_directory

Here chgrp is used to change the group of any directory or file and chmod is used to change the permission.
Here -R is recursive operation.
2 is for the setGID.
7 is the rwx permission.
5 is the rx permission.
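
An added example (not from the original post): because chmod -R 2775 also applies to regular files, every existing file under the directory ends up setGID and executable, so this Python audit walks a shared tree and reports that, along with directories missing setGID, entries in a different group, and world-writable entries. The finding names and the function names classify and audit are constructed for illustration.

```python
import os
import stat
import sys


def classify(mode, gid, root_gid):
    """Return the list of findings for one entry, given its st_mode and st_gid."""
    problems = []
    if gid != root_gid:
        problems.append("wrong-group")
    if stat.S_ISDIR(mode):
        if not mode & stat.S_ISGID:
            # Files created here will not inherit the shared group.
            problems.append("dir-missing-setgid")
    elif stat.S_ISREG(mode):
        if mode & stat.S_ISGID and mode & stat.S_IXGRP:
            # A setGID executable runs with the file's group, here the shared group.
            problems.append("setgid-executable-file")
    if mode & stat.S_IWOTH:
        problems.append("world-writable")
    return problems


def audit(root):
    """Walk root and return {relative_path: findings} for entries with findings."""
    root_gid = os.lstat(root).st_gid
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, name) for name in dirnames + filenames]
    report = {}
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # the mode of a symlink itself is not meaningful
        problems = classify(st.st_mode, st.st_gid, root_gid)
        if problems:
            report[os.path.relpath(path, root)] = problems
    return report


if __name__ == "__main__":
    # The directory to audit is passed on the command line; "." is the default.
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, problems in sorted(audit(target).items()):
        print("%s: %s" % (rel, ", ".join(problems)))
```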

Create more system users

Now it’s time to create more system users and assign them to the group shared.

$ sudo useradd -m -c "John Doo" -s/bin/bash -G shared john

Now if you log in as another user and go to shared_directory, you can access it.

Participating in my first hackathon

Hey there everyone! After a long time I am writing a blog post 😉 . I recently joined the B.Tech in Computer Science and Engineering at BPPIMT. I am really happy that a couple of months after joining the college I found some cool folks with whom I can discuss programming and other tech stuff, and got a chance to participate in a hackathon. It was Hackoverflow, organised by NIT Durgapur.

How it started

In my college’s unofficial group, one of my friends suddenly messaged that there was an upcoming hackathon on 2nd April organised by NIT Durgapur. So I messaged him that I was interested and he told that. After that we registered on Devfolio for the event.

What we made

This is the most tricky part. Arkaprabha and I discussed a lot about what we could make for the hackathon. First we decided we could make an open-book website for students. But after that we discovered the sample idea section in their Discord channel :p . And we took the idea of making a food post application for leftover food from various events. It had user authentication and a food post CRUD feature, as well as a search feature based on country and city.

What technologies we used

We decided to go with the conventional Django approach. We designed the back-end with that, and for the front-end we used HTML, CSS and Bootstrap. Bootstrap helped us a lot in aligning things. For search we used the Django filter package and for countries we used django-countries. We tried to keep the UI as simple as possible. Here is the GitHub link.

What problems we faced

First, while making the back-end I was in a hurry and wrote the database query wrong, and that’s why it was not fetching the user’s own posts and other posts properly; instead it was fetching all posts on the home page. I discovered it and fixed it by using user.id .
Second, when a user was making a post, it was by default saying that the post was made by the superuser. The problem was the same: I used user instead of user.id, and in the database file the default value was 1.

What was the result?

And here is the big part: what was the result? And yes, we lost XD. But I never regret the result because I got so many things to learn and got an idea of how a hackathon works, and after all I enjoyed it 😉 . And I will be participating in hackathons in the future for sure.

Installation of nodejs in your Debian based system

Node.js is a platform built on Chrome’s JavaScript runtime for easily building fast, scalable network applications.

Step 1 – Add node.js PPA

The Node.js package is available as an LTS release and a current release.
Use the current release: if a later version is available in your case, replace the 12 with your desired version.

$ sudo apt-get install curl python-software-properties
$ curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash 

Use the LTS release: if a later version is available in your case, replace the 10 with your desired version.

$ sudo apt-get install curl python-software-properties
$ curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -

Step 2 – Install node.js on Ubuntu

You have successfully added the node.js PPA; now execute the command below to install the software.

$ sudo apt install nodejs

Step 3 – Checking your version

Now execute below two commands to check node.js and npm version. In my case I am using the LTS version.

$ node -v
$ npm -v

Thank you 🙂

PyCon India 2019

Yaaaaa!!!! It was my first PyCon India. One day I was chatting with Sayan and suddenly he told me to start saving some money from now and attend PyCon India this year. I had never been to any kind of conference before, so I was a bit hesitant about this conference, but Sayan and other folks from dgplug guided me a lot. I started my journey with my dad from Kolkata on 10th October and reached Chennai on 11th.

Day 0

On 12th October I left for the conference. When I reached the conference I saw Sourabh, Pravar and Rayan there and talked with them. After that I got my attendee card, then went for breakfast, and while eating I met some people and talked with them, like Vijay and Noah; later I proceeded to the conference. After that I attended Jake VanderPlas’s keynote. After that I went to the various sponsors’ booths to collect the goodies :p. After that I went to Pradyun’s talk, Python Packaging – where we are and where we’re headed. He described how packaging works with pip and how they are planning to move ahead.
I met many of the faces whom I used to know on IRC/Twitter only. Later Sayan and I explored the Poster Session. It was really exciting, and my first day of the conference was over. After the conference some other folks and I went to visit Palavakkam Beach and spent some good time there.

goodies & swags 😉

Day 1

On 13th it started with a keynote by Ines Montani. After that there was the annual DGPLUG staircase meeting. Sayan conducted the meeting and we all introduced ourselves to each other and discussed what went wrong with this year’s summer training. We also discussed the tasks given by Sayan this year. After finishing lunch we also solved some word puzzles and coding questions to get the t-shirts and swag. The conference ended with David Beazley’s keynote: he live coded a stack machine, wrote an interpreter for a Web Assembly game that was initially written for Rust in Python, and in the end added PyGame to make it into an actual game. I was amazed after seeing it. The keynote ended with a standing ovation from all the people in the hall. After the conference we went for the DGPLUG dinner and spent some good time with other folks and had our dinner there.

DGPLUG group

Day 2

On 14th (my birthday :p) morning I left for IIT Madras Research Park, and in the morning there was my workshop on docker. After finishing the workshop I joined the devsprint. There were lots of mentors conducting the devsprint, and from them I chose to join the Python Packaging Sprint, which was conducted by Pradyun. It was my first devsprint and I didn’t know anything about it, but Pradyun helped me a lot to understand the issue and what my approach to solving it should be. After the devsprint we went for dinner again. On that day most of my friends were returning, so it was time to say goodbye to them 🙂

Day 3

On 15th the devsprint was happening there again and I was solving an issue in pip, and Pradyun was helping me with that issue. Besides the devsprint, Sourabh and I were discussing some security stuff. After the devsprint I talked with other people.

After the devsprint


PyCon India gave me the opportunity to communicate with and meet people from all across the world as well as from different backgrounds. I got to know about lots of new technologies and other technical stuff. I made lots of new friends there and I returned home with some great memories 🙂 . If I go next year then I would like to be a volunteer there.

Write your commit message in your favourite text editor

Most of us use git as our version control system, and in day-to-day life while developing any application we commit our changes quite frequently. We follow the traditional way of committing changes like below –

$ git commit -m "Our commit message"

But we have another cool option for committing. We can use our favourite text editor to write the commit message. We first have to tell git to pop up the text editor every time we commit changes. For this, execute the command below in your terminal –

$ git config --global core.editor "vim"

Here it will pop up the vim text editor when you execute git commit.

Thank you 🙂

Learned to Build a simple pascal interpreter using python


Recently I was going through the series ‘Let’s Build A Simple Interpreter‘ by Ruslan Spivak, which was given by Sayan as an assignment of the summer training. Here you can see the code for the whole series. I have gone through all the parts and added what I have learned in the README.md file.

In this series the main focus was to build a simple Pascal interpreter in Python which can execute simple Pascal code like mathematical operations and procedure calls. This series introduced me to lots of things like the scanner, token, parser, interpreter, grammar, etc. At first I was thinking that I would not be able to complete the series properly as I didn’t know anything about interpreters and compilers, but as I moved forward in the series things got clearer because everything was explained properly. Whenever I got stuck at any point I searched the internet and tried to find the proper solution. For me the most interesting part of this series was the grammar of a programming language and how it helps.

In this series I also learned how to write better commits so people can understand my code, and also learned how to reset to a previous commit when I commit wrong things or write a bad commit message. Here you can see my commits.

Thank you 🙂

Fun with python requests module

I was reading this part of the pym book and thought that I should change this code a little bit so that it does something better: instead of storing the content in a text file it stores it in an HTML file, and it also checks whether a file with the same name already exists in the directory. Here is the code –

import os.path
import requests

def download(url):
    """
    Download the given url and saves it to the current directory
    :arg url: URL of the file to be downloaded.
    """
    req = requests.get(url)
    if req.status_code == 404:
        print('No such file found at %s' % url)
        return
    # Name the file after the last path segment, without its extension
    fileName = url.split('/')[-1].split('.')[0] + '.html'
    if os.path.isfile(fileName):
        # Do not overwrite an existing file with the same name
        print('Same file name already exist')
    else:
        with open(fileName, 'wb') as fobj:
            fobj.write(req.content)
        print('Download over')

if __name__ == "__main__":
    url = input("Enter a URL: ")
    download(url)

Above we are getting the content of the URL with the requests.get(url) method, then checking whether that URL is valid. If it is valid, we parse the URL with the split() method: first we split it by “/” and take the last value of the list, then split that again by “.” and take the first value of the list. Then we check whether a file with the same name already exists, and if there is none we create the file and write the content to it.
Thank you 🙂