Alternatives to Keycloak logo

Alternatives to Keycloak

Auth0, Okta, FreeIPA, Dex, and Vault are the most popular alternatives and competitors to Keycloak.
720
1.3K
+ 1
102

What is Keycloak and what are its top alternatives?

It is an Open Source Identity and Access Management For Modern Applications and Services. It adds authentication to applications and secure services with minimum fuss. No need to deal with storing users or authenticating users. It's all available out of the box.
Keycloak is a tool in the User Management and Authentication category of a tech stack.

Top Alternatives to Keycloak

  • Auth0
    Auth0

    A set of unified APIs and tools that instantly enables Single Sign On and user management to all your applications. ...

  • Okta
    Okta

    Connect all your apps in days, not months, with instant access to thousands of pre-built integrations - even add apps to the network yourself. Integrations are easy to set up, constantly monitored, proactively repaired and handle authentication and provisioning. ...

  • FreeIPA
    FreeIPA

    FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization and account information by storing data about user, groups, hosts and other objects necessary to manage the security aspects of a network of computers. ...

  • Dex
    Dex

    Dex is a personal CRM that helps you build stronger relationships. Remember where you left off, keep in touch, and be more thoughtful -- all in one place. ...

  • Vault
    Vault

    Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log. ...

  • JavaScript
    JavaScript

    JavaScript is most known as the scripting language for Web pages, but used in many non-browser environments as well such as node.js or Apache CouchDB. It is a prototype-based, multi-paradigm scripting language that is dynamic,and supports object-oriented, imperative, and functional programming styles. ...

  • Git
    Git

    Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. ...

  • GitHub
    GitHub

    GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Over three million people use GitHub to build amazing things together. ...

Keycloak alternatives & related posts

Auth0 logo

Auth0

1.3K
2K
215
Token-based Single Sign On for your Apps and APIs with social, databases and enterprise identities
1.3K
2K
+ 1
215
PROS OF AUTH0
  • 70
    JSON web token
  • 31
    Integration with 20+ Social Providers
  • 20
    It's a universal solution
  • 20
    SDKs
  • 15
    Amazing Documentation
  • 11
    Heroku Add-on
  • 8
    Enterprise support
  • 7
    Great Sample Repos
  • 7
    Extend platform with "rules"
  • 4
    Azure Add-on
  • 3
    Easy integration, non-intrusive identity provider
  • 3
    Passwordless
  • 2
    It can integrate seamlessly with firebase
  • 2
    Great documentation, samples, UX and Angular support
  • 2
    Polished
  • 2
    On-premise deployment
  • 1
    Will sign BAA for HIPAA-compliance
  • 1
    MFA
  • 1
    Active Directory support
  • 1
    Springboot
  • 1
    SOC2
  • 1
    SAML Support
  • 1
    Great support
  • 1
    OpenID Connect (OIDC) Support
CONS OF AUTH0
  • 15
    Pricing too high (Developer Pro)
  • 7
    Poor support
  • 4
    Rapidly changing API
  • 4
    Status page not reflect actual status

related Auth0 posts

Stephen Gheysens
Lead Solutions Engineer at Inscribe · | 14 upvotes · 1.8M views

Hi Otensia! I'd definitely recommend using the skills you've already got and building with JavaScript is a smart way to go these days. Most platform services have JavaScript/Node SDKs or NPM packages, many serverless platforms support Node in case you need to write any backend logic, and JavaScript is incredibly popular - meaning it will be easy to hire for, should you ever need to.

My advice would be "don't reinvent the wheel". If you already have a skill set that will work well to solve the problem at hand, and you don't need it for any other projects, don't spend the time jumping into a new language. If you're looking for an excuse to learn something new, it would be better to invest that time in learning a new platform/tool that compliments your knowledge of JavaScript. For this project, I might recommend using Netlify, Vercel, or Google Firebase to quickly and easily deploy your web app. If you need to add user authentication, there are great examples out there for Firebase Authentication, Auth0, or even Magic (a newcomer on the Auth scene, but very user friendly). All of these services work very well with a JavaScript-based application.

See more
Deep Shah
Software Engineer at Amazon · | 6 upvotes · 955K views

I only know Java and so thinking of building a web application in the following order. I need some help on what alternatives I can choose. Open to replace components, services, or infrastructure.

  • Frontend: AngularJS, Bootstrap
  • Web Framework: Spring Boot
  • Database: Amazon DynamoDB
  • Authentication: Auth0
  • Deployment: Amazon EC2 Container Service
  • Local Testing: Docker
  • Marketing: Mailchimp (Separately Export from Auth0)
  • Website Domain: GoDaddy
  • Routing: Amazon Route 53

PS: Open to exploring options of going completely native ( AWS Lambda, AWS Security but have to learn all)

See more
Okta logo

Okta

411
815
65
Enterprise-grade identity management for all your apps, users & devices
411
815
+ 1
65
PROS OF OKTA
  • 14
    REST API
  • 9
    SAML
  • 5
    OIDC OpenID Connect
  • 5
    Protect B2E, B2B, B2C apps
  • 5
    User Provisioning
  • 5
    Easy LDAP integration
  • 4
    Universal Directory
  • 4
    Tons of Identity Management features
  • 4
    SSO, MFA for cloud, on-prem, custom apps
  • 4
    API Access Management - oAuth2 as a service
  • 3
    Easy Active Directory integration
  • 2
    SWA applications Integration
  • 1
    SOC2
  • 0
    Test
CONS OF OKTA
  • 5
    Pricing is too high
  • 1
    Okta verify (Multi-factor Authentication)

related Okta posts

Shared insights
on
OktaOktaKeycloakKeycloakGitHubGitHub

Hello,

I'm trying to implement a solution for this situation:

There is a restaurant in which users can access RestAPI, using Google, Facebook, GitHub. There is even the possibility to login inside using the SPID authentication. In the first case I was considering Keycloak as a better solution for this case, but then i've read about Okta and its pros.

I cannot understand reading and searching on Google if SPID authentication is supported by OKTA. Looks like to be, because it should be using SAML, but I haven't found a clear solution.

See more
Shared insights
on
OktaOktaKeycloakKeycloak

I want some good advice on which one I should prefer. (Keycloak or Okta) Since Keycloak is open source, it will be our first preference, but do we face some limitations with this approach? And since our product is SAAS based and we support the following authentications at present. 1. AT DB level 2. 3rd part IDP providers 3. LDAP/AD...

See more
FreeIPA logo

FreeIPA

42
100
3
Manage Linux users and client hosts in your realm from one central location with CLI, Web UI or...
42
100
+ 1
3
PROS OF FREEIPA
  • 2
    Manages sudo command groups and sudo commands
  • 1
    Manages host and host groups
CONS OF FREEIPA
    Be the first to leave a con

    related FreeIPA posts

    Dex logo

    Dex

    42
    54
    0
    Integrated, modern rolodex that helps you make the most of your network
    42
    54
    + 1
    0
    PROS OF DEX
      Be the first to leave a pro
      CONS OF DEX
        Be the first to leave a con

        related Dex posts

        Vault logo

        Vault

        784
        793
        71
        Secure, store, and tightly control access to tokens, passwords, certificates, API keys, and other secrets in modern computing
        784
        793
        + 1
        71
        PROS OF VAULT
        • 17
          Secure
        • 13
          Variety of Secret Backends
        • 11
          Very easy to set up and use
        • 8
          Dynamic secret generation
        • 5
          AuditLog
        • 3
          Privilege Access Management
        • 3
          Leasing and Renewal
        • 2
          Easy to integrate with
        • 2
          Open Source
        • 2
          Consol integration
        • 2
          Handles secret sprawl
        • 2
          Variety of Auth Backends
        • 1
          Multicloud
        CONS OF VAULT
          Be the first to leave a con

          related Vault posts

          Tymoteusz Paul
          Devops guy at X20X Development LTD · | 23 upvotes · 8.9M views

          Often enough I have to explain my way of going about setting up a CI/CD pipeline with multiple deployment platforms. Since I am a bit tired of yapping the same every single time, I've decided to write it up and share with the world this way, and send people to read it instead ;). I will explain it on "live-example" of how the Rome got built, basing that current methodology exists only of readme.md and wishes of good luck (as it usually is ;)).

          It always starts with an app, whatever it may be and reading the readmes available while Vagrant and VirtualBox is installing and updating. Following that is the first hurdle to go over - convert all the instruction/scripts into Ansible playbook(s), and only stopping when doing a clear vagrant up or vagrant reload we will have a fully working environment. As our Vagrant environment is now functional, it's time to break it! This is the moment to look for how things can be done better (too rigid/too lose versioning? Sloppy environment setup?) and replace them with the right way to do stuff, one that won't bite us in the backside. This is the point, and the best opportunity, to upcycle the existing way of doing dev environment to produce a proper, production-grade product.

          I should probably digress here for a moment and explain why. I firmly believe that the way you deploy production is the same way you should deploy develop, shy of few debugging-friendly setting. This way you avoid the discrepancy between how production work vs how development works, which almost always causes major pains in the back of the neck, and with use of proper tools should mean no more work for the developers. That's why we start with Vagrant as developer boxes should be as easy as vagrant up, but the meat of our product lies in Ansible which will do meat of the work and can be applied to almost anything: AWS, bare metal, docker, LXC, in open net, behind vpn - you name it.

          We must also give proper consideration to monitoring and logging hoovering at this point. My generic answer here is to grab Elasticsearch, Kibana, and Logstash. While for different use cases there may be better solutions, this one is well battle-tested, performs reasonably and is very easy to scale both vertically (within some limits) and horizontally. Logstash rules are easy to write and are well supported in maintenance through Ansible, which as I've mentioned earlier, are at the very core of things, and creating triggers/reports and alerts based on Elastic and Kibana is generally a breeze, including some quite complex aggregations.

          If we are happy with the state of the Ansible it's time to move on and put all those roles and playbooks to work. Namely, we need something to manage our CI/CD pipelines. For me, the choice is obvious: TeamCity. It's modern, robust and unlike most of the light-weight alternatives, it's transparent. What I mean by that is that it doesn't tell you how to do things, doesn't limit your ways to deploy, or test, or package for that matter. Instead, it provides a developer-friendly and rich playground for your pipelines. You can do most the same with Jenkins, but it has a quite dated look and feel to it, while also missing some key functionality that must be brought in via plugins (like quality REST API which comes built-in with TeamCity). It also comes with all the common-handy plugins like Slack or Apache Maven integration.

          The exact flow between CI and CD varies too greatly from one application to another to describe, so I will outline a few rules that guide me in it: 1. Make build steps as small as possible. This way when something breaks, we know exactly where, without needing to dig and root around. 2. All security credentials besides development environment must be sources from individual Vault instances. Keys to those containers should exist only on the CI/CD box and accessible by a few people (the less the better). This is pretty self-explanatory, as anything besides dev may contain sensitive data and, at times, be public-facing. Because of that appropriate security must be present. TeamCity shines in this department with excellent secrets-management. 3. Every part of the build chain shall consume and produce artifacts. If it creates nothing, it likely shouldn't be its own build. This way if any issue shows up with any environment or version, all developer has to do it is grab appropriate artifacts to reproduce the issue locally. 4. Deployment builds should be directly tied to specific Git branches/tags. This enables much easier tracking of what caused an issue, including automated identifying and tagging the author (nothing like automated regression testing!).

          Speaking of deployments, I generally try to keep it simple but also with a close eye on the wallet. Because of that, I am more than happy with AWS or another cloud provider, but also constantly peeking at the loads and do we get the value of what we are paying for. Often enough the pattern of use is not constantly erratic, but rather has a firm baseline which could be migrated away from the cloud and into bare metal boxes. That is another part where this approach strongly triumphs over the common Docker and CircleCI setup, where you are very much tied in to use cloud providers and getting out is expensive. Here to embrace bare-metal hosting all you need is a help of some container-based self-hosting software, my personal preference is with Proxmox and LXC. Following that all you must write are ansible scripts to manage hardware of Proxmox, similar way as you do for Amazon EC2 (ansible supports both greatly) and you are good to go. One does not exclude another, quite the opposite, as they can live in great synergy and cut your costs dramatically (the heavier your base load, the bigger the savings) while providing production-grade resiliency.

          See more
          Joseph Irving
          DevOps Engineer at uSwitch · | 8 upvotes · 20.4K views

          At uSwitch we use Vault to generate short lived database credentials for our applications running in Kubernetes. We wanted to move from an environment where we had 100 dbs with a variety of static passwords being shared around to a place where each pod would have credentials that only last for its lifetime.

          We chose vault because:

          • It had built in Kubernetes support so we could use service accounts to permission which pods could access which database.

          • A terraform provider so that we could configure both our RDS instances and their vault configuration in one place.

          • A variety of database providers including MySQL/PostgreSQL (our most common dbs).

          • A good api/Go -sdk so that we could build tooling around it to simplify development worfklow.

          • It had other features we would utilise such as PKI

          See more
          JavaScript logo

          JavaScript

          354.5K
          269.5K
          8.1K
          Lightweight, interpreted, object-oriented language with first-class functions
          354.5K
          269.5K
          + 1
          8.1K
          PROS OF JAVASCRIPT
          • 1.7K
            Can be used on frontend/backend
          • 1.5K
            It's everywhere
          • 1.2K
            Lots of great frameworks
          • 897
            Fast
          • 745
            Light weight
          • 425
            Flexible
          • 392
            You can't get a device today that doesn't run js
          • 286
            Non-blocking i/o
          • 237
            Ubiquitousness
          • 191
            Expressive
          • 55
            Extended functionality to web pages
          • 49
            Relatively easy language
          • 46
            Executed on the client side
          • 30
            Relatively fast to the end user
          • 25
            Pure Javascript
          • 21
            Functional programming
          • 15
            Async
          • 13
            Full-stack
          • 12
            Setup is easy
          • 12
            Future Language of The Web
          • 12
            Its everywhere
          • 11
            Because I love functions
          • 11
            JavaScript is the New PHP
          • 10
            Like it or not, JS is part of the web standard
          • 9
            Expansive community
          • 9
            Everyone use it
          • 9
            Can be used in backend, frontend and DB
          • 9
            Easy
          • 8
            Most Popular Language in the World
          • 8
            Powerful
          • 8
            Can be used both as frontend and backend as well
          • 8
            For the good parts
          • 8
            No need to use PHP
          • 8
            Easy to hire developers
          • 7
            Agile, packages simple to use
          • 7
            Love-hate relationship
          • 7
            Photoshop has 3 JS runtimes built in
          • 7
            Evolution of C
          • 7
            It's fun
          • 7
            Hard not to use
          • 7
            Versitile
          • 7
            Its fun and fast
          • 7
            Nice
          • 7
            Popularized Class-Less Architecture & Lambdas
          • 7
            Supports lambdas and closures
          • 6
            It let's me use Babel & Typescript
          • 6
            Can be used on frontend/backend/Mobile/create PRO Ui
          • 6
            1.6K Can be used on frontend/backend
          • 6
            Client side JS uses the visitors CPU to save Server Res
          • 6
            Easy to make something
          • 5
            Clojurescript
          • 5
            Promise relationship
          • 5
            Stockholm Syndrome
          • 5
            Function expressions are useful for callbacks
          • 5
            Scope manipulation
          • 5
            Everywhere
          • 5
            Client processing
          • 5
            What to add
          • 4
            Because it is so simple and lightweight
          • 4
            Only Programming language on browser
          • 1
            Test
          • 1
            Hard to learn
          • 1
            Test2
          • 1
            Not the best
          • 1
            Easy to understand
          • 1
            Subskill #4
          • 1
            Easy to learn
          • 0
            Hard 彤
          CONS OF JAVASCRIPT
          • 22
            A constant moving target, too much churn
          • 20
            Horribly inconsistent
          • 15
            Javascript is the New PHP
          • 9
            No ability to monitor memory utilitization
          • 8
            Shows Zero output in case of ANY error
          • 7
            Thinks strange results are better than errors
          • 6
            Can be ugly
          • 3
            No GitHub
          • 2
            Slow
          • 0
            HORRIBLE DOCUMENTS, faulty code, repo has bugs

          related JavaScript posts

          Zach Holman

          Oof. I have truly hated JavaScript for a long time. Like, for over twenty years now. Like, since the Clinton administration. It's always been a nightmare to deal with all of the aspects of that silly language.

          But wowza, things have changed. Tooling is just way, way better. I'm primarily web-oriented, and using React and Apollo together the past few years really opened my eyes to building rich apps. And I deeply apologize for using the phrase rich apps; I don't think I've ever said such Enterprisey words before.

          But yeah, things are different now. I still love Rails, and still use it for a lot of apps I build. But it's that silly rich apps phrase that's the problem. Users have way more comprehensive expectations than they did even five years ago, and the JS community does a good job at building tools and tech that tackle the problems of making heavy, complicated UI and frontend work.

          Obviously there's a lot of things happening here, so just saying "JavaScript isn't terrible" might encompass a huge amount of libraries and frameworks. But if you're like me, yeah, give things another shot- I'm somehow not hating on JavaScript anymore and... gulp... I kinda love it.

          See more
          Conor Myhrvold
          Tech Brand Mgr, Office of CTO at Uber · | 44 upvotes · 11.2M views

          How Uber developed the open source, end-to-end distributed tracing Jaeger , now a CNCF project:

          Distributed tracing is quickly becoming a must-have component in the tools that organizations use to monitor their complex, microservice-based architectures. At Uber, our open source distributed tracing system Jaeger saw large-scale internal adoption throughout 2016, integrated into hundreds of microservices and now recording thousands of traces every second.

          Here is the story of how we got here, from investigating off-the-shelf solutions like Zipkin, to why we switched from pull to push architecture, and how distributed tracing will continue to evolve:

          https://eng.uber.com/distributed-tracing/

          (GitHub Pages : https://www.jaegertracing.io/, GitHub: https://github.com/jaegertracing/jaeger)

          Bindings/Operator: Python Java Node.js Go C++ Kubernetes JavaScript OpenShift C# Apache Spark

          See more
          Git logo

          Git

          293.7K
          175.8K
          6.6K
          Fast, scalable, distributed revision control system
          293.7K
          175.8K
          + 1
          6.6K
          PROS OF GIT
          • 1.4K
            Distributed version control system
          • 1.1K
            Efficient branching and merging
          • 959
            Fast
          • 845
            Open source
          • 726
            Better than svn
          • 368
            Great command-line application
          • 306
            Simple
          • 291
            Free
          • 232
            Easy to use
          • 222
            Does not require server
          • 27
            Distributed
          • 22
            Small & Fast
          • 18
            Feature based workflow
          • 15
            Staging Area
          • 13
            Most wide-spread VSC
          • 11
            Role-based codelines
          • 11
            Disposable Experimentation
          • 7
            Frictionless Context Switching
          • 6
            Data Assurance
          • 5
            Efficient
          • 4
            Just awesome
          • 3
            Github integration
          • 3
            Easy branching and merging
          • 2
            Compatible
          • 2
            Flexible
          • 2
            Possible to lose history and commits
          • 1
            Rebase supported natively; reflog; access to plumbing
          • 1
            Light
          • 1
            Team Integration
          • 1
            Fast, scalable, distributed revision control system
          • 1
            Easy
          • 1
            Flexible, easy, Safe, and fast
          • 1
            CLI is great, but the GUI tools are awesome
          • 1
            It's what you do
          • 0
            Phinx
          CONS OF GIT
          • 16
            Hard to learn
          • 11
            Inconsistent command line interface
          • 9
            Easy to lose uncommitted work
          • 7
            Worst documentation ever possibly made
          • 5
            Awful merge handling
          • 3
            Unexistent preventive security flows
          • 3
            Rebase hell
          • 2
            When --force is disabled, cannot rebase
          • 2
            Ironically even die-hard supporters screw up badly
          • 1
            Doesn't scale for big data

          related Git posts

          Simon Reymann
          Senior Fullstack Developer at QUANTUSflow Software GmbH · | 30 upvotes · 10M views

          Our whole DevOps stack consists of the following tools:

          • GitHub (incl. GitHub Pages/Markdown for Documentation, GettingStarted and HowTo's) for collaborative review and code management tool
          • Respectively Git as revision control system
          • SourceTree as Git GUI
          • Visual Studio Code as IDE
          • CircleCI for continuous integration (automatize development process)
          • Prettier / TSLint / ESLint as code linter
          • SonarQube as quality gate
          • Docker as container management (incl. Docker Compose for multi-container application management)
          • VirtualBox for operating system simulation tests
          • Kubernetes as cluster management for docker containers
          • Heroku for deploying in test environments
          • nginx as web server (preferably used as facade server in production environment)
          • SSLMate (using OpenSSL) for certificate management
          • Amazon EC2 (incl. Amazon S3) for deploying in stage (production-like) and production environments
          • PostgreSQL as preferred database system
          • Redis as preferred in-memory database/store (great for caching)

          The main reason we have chosen Kubernetes over Docker Swarm is related to the following artifacts:

          • Key features: Easy and flexible installation, Clear dashboard, Great scaling operations, Monitoring is an integral part, Great load balancing concepts, Monitors the condition and ensures compensation in the event of failure.
          • Applications: An application can be deployed using a combination of pods, deployments, and services (or micro-services).
          • Functionality: Kubernetes as a complex installation and setup process, but it not as limited as Docker Swarm.
          • Monitoring: It supports multiple versions of logging and monitoring when the services are deployed within the cluster (Elasticsearch/Kibana (ELK), Heapster/Grafana, Sysdig cloud integration).
          • Scalability: All-in-one framework for distributed systems.
          • Other Benefits: Kubernetes is backed by the Cloud Native Computing Foundation (CNCF), huge community among container orchestration tools, it is an open source and modular tool that works with any OS.
          See more
          Tymoteusz Paul
          Devops guy at X20X Development LTD · | 23 upvotes · 8.9M views

          Often enough I have to explain my way of going about setting up a CI/CD pipeline with multiple deployment platforms. Since I am a bit tired of yapping the same every single time, I've decided to write it up and share with the world this way, and send people to read it instead ;). I will explain it on "live-example" of how the Rome got built, basing that current methodology exists only of readme.md and wishes of good luck (as it usually is ;)).

          It always starts with an app, whatever it may be and reading the readmes available while Vagrant and VirtualBox is installing and updating. Following that is the first hurdle to go over - convert all the instruction/scripts into Ansible playbook(s), and only stopping when doing a clear vagrant up or vagrant reload we will have a fully working environment. As our Vagrant environment is now functional, it's time to break it! This is the moment to look for how things can be done better (too rigid/too lose versioning? Sloppy environment setup?) and replace them with the right way to do stuff, one that won't bite us in the backside. This is the point, and the best opportunity, to upcycle the existing way of doing dev environment to produce a proper, production-grade product.

          I should probably digress here for a moment and explain why. I firmly believe that the way you deploy production is the same way you should deploy develop, shy of few debugging-friendly setting. This way you avoid the discrepancy between how production work vs how development works, which almost always causes major pains in the back of the neck, and with use of proper tools should mean no more work for the developers. That's why we start with Vagrant as developer boxes should be as easy as vagrant up, but the meat of our product lies in Ansible which will do meat of the work and can be applied to almost anything: AWS, bare metal, docker, LXC, in open net, behind vpn - you name it.

          We must also give proper consideration to monitoring and logging hoovering at this point. My generic answer here is to grab Elasticsearch, Kibana, and Logstash. While for different use cases there may be better solutions, this one is well battle-tested, performs reasonably and is very easy to scale both vertically (within some limits) and horizontally. Logstash rules are easy to write and are well supported in maintenance through Ansible, which as I've mentioned earlier, are at the very core of things, and creating triggers/reports and alerts based on Elastic and Kibana is generally a breeze, including some quite complex aggregations.

          If we are happy with the state of the Ansible it's time to move on and put all those roles and playbooks to work. Namely, we need something to manage our CI/CD pipelines. For me, the choice is obvious: TeamCity. It's modern, robust and unlike most of the light-weight alternatives, it's transparent. What I mean by that is that it doesn't tell you how to do things, doesn't limit your ways to deploy, or test, or package for that matter. Instead, it provides a developer-friendly and rich playground for your pipelines. You can do most the same with Jenkins, but it has a quite dated look and feel to it, while also missing some key functionality that must be brought in via plugins (like quality REST API which comes built-in with TeamCity). It also comes with all the common-handy plugins like Slack or Apache Maven integration.

          The exact flow between CI and CD varies too greatly from one application to another to describe, so I will outline a few rules that guide me in it: 1. Make build steps as small as possible. This way when something breaks, we know exactly where, without needing to dig and root around. 2. All security credentials besides development environment must be sources from individual Vault instances. Keys to those containers should exist only on the CI/CD box and accessible by a few people (the less the better). This is pretty self-explanatory, as anything besides dev may contain sensitive data and, at times, be public-facing. Because of that appropriate security must be present. TeamCity shines in this department with excellent secrets-management. 3. Every part of the build chain shall consume and produce artifacts. If it creates nothing, it likely shouldn't be its own build. This way if any issue shows up with any environment or version, all developer has to do it is grab appropriate artifacts to reproduce the issue locally. 4. Deployment builds should be directly tied to specific Git branches/tags. This enables much easier tracking of what caused an issue, including automated identifying and tagging the author (nothing like automated regression testing!).

          Speaking of deployments, I generally try to keep it simple but also with a close eye on the wallet. Because of that, I am more than happy with AWS or another cloud provider, but also constantly peeking at the loads and do we get the value of what we are paying for. Often enough the pattern of use is not constantly erratic, but rather has a firm baseline which could be migrated away from the cloud and into bare metal boxes. That is another part where this approach strongly triumphs over the common Docker and CircleCI setup, where you are very much tied in to use cloud providers and getting out is expensive. Here to embrace bare-metal hosting all you need is a help of some container-based self-hosting software, my personal preference is with Proxmox and LXC. Following that all you must write are ansible scripts to manage hardware of Proxmox, similar way as you do for Amazon EC2 (ansible supports both greatly) and you are good to go. One does not exclude another, quite the opposite, as they can live in great synergy and cut your costs dramatically (the heavier your base load, the bigger the savings) while providing production-grade resiliency.

          See more
          GitHub logo

          GitHub

          281.7K
          245.9K
          10.3K
          Powerful collaboration, review, and code management for open source and private development projects
          281.7K
          245.9K
          + 1
          10.3K
          PROS OF GITHUB
          • 1.8K
            Open source friendly
          • 1.5K
            Easy source control
          • 1.3K
            Nice UI
          • 1.1K
            Great for team collaboration
          • 867
            Easy setup
          • 504
            Issue tracker
          • 486
            Great community
          • 483
            Remote team collaboration
          • 451
            Great way to share
          • 442
            Pull request and features planning
          • 147
            Just works
          • 132
            Integrated in many tools
          • 121
            Free Public Repos
          • 116
            Github Gists
          • 112
            Github pages
          • 83
            Easy to find repos
          • 62
            Open source
          • 60
            It's free
          • 60
            Easy to find projects
          • 56
            Network effect
          • 49
            Extensive API
          • 43
            Organizations
          • 42
            Branching
          • 34
            Developer Profiles
          • 32
            Git Powered Wikis
          • 30
            Great for collaboration
          • 24
            It's fun
          • 23
            Clean interface and good integrations
          • 22
            Community SDK involvement
          • 20
            Learn from others source code
          • 16
            Because: Git
          • 14
            It integrates directly with Azure
          • 10
            Standard in Open Source collab
          • 10
            Newsfeed
          • 8
            It integrates directly with Hipchat
          • 8
            Fast
          • 8
            Beautiful user experience
          • 7
            Easy to discover new code libraries
          • 6
            Smooth integration
          • 6
            Cloud SCM
          • 6
            Nice API
          • 6
            Graphs
          • 6
            Integrations
          • 6
            It's awesome
          • 5
            Quick Onboarding
          • 5
            Reliable
          • 5
            Remarkable uptime
          • 5
            CI Integration
          • 5
            Hands down best online Git service available
          • 4
            Uses GIT
          • 4
            Version Control
          • 4
            Simple but powerful
          • 4
            Unlimited Public Repos at no cost
          • 4
            Free HTML hosting
          • 4
            Security options
          • 4
            Loved by developers
          • 4
            Easy to use and collaborate with others
          • 3
            Ci
          • 3
            IAM
          • 3
            Nice to use
          • 3
            Easy deployment via SSH
          • 2
            Easy to use
          • 2
            Leads the copycats
          • 2
            All in one development service
          • 2
            Free private repos
          • 2
            Free HTML hostings
          • 2
            Easy and efficient maintainance of the projects
          • 2
            Beautiful
          • 2
            Easy source control and everything is backed up
          • 2
            IAM integration
          • 2
            Very Easy to Use
          • 2
            Good tools support
          • 2
            Issues tracker
          • 2
            Never dethroned
          • 2
            Self Hosted
          • 1
            Dasf
          • 1
            Profound
          CONS OF GITHUB
          • 54
            Owned by micrcosoft
          • 38
            Expensive for lone developers that want private repos
          • 15
            Relatively slow product/feature release cadence
          • 10
            API scoping could be better
          • 9
            Only 3 collaborators for private repos
          • 4
            Limited featureset for issue management
          • 3
            Does not have a graph for showing history like git lens
          • 2
            GitHub Packages does not support SNAPSHOT versions
          • 1
            No multilingual interface
          • 1
            Takes a long time to commit
          • 1
            Expensive

          related GitHub posts

          Johnny Bell

          I was building a personal project that I needed to store items in a real time database. I am more comfortable with my Frontend skills than my backend so I didn't want to spend time building out anything in Ruby or Go.

          I stumbled on Firebase by #Google, and it was really all I needed. It had realtime data, an area for storing file uploads and best of all for the amount of data I needed it was free!

          I built out my application using tools I was familiar with, React for the framework, Redux.js to manage my state across components, and styled-components for the styling.

          Now as this was a project I was just working on in my free time for fun I didn't really want to pay for hosting. I did some research and I found Netlify. I had actually seen them at #ReactRally the year before and deployed a Gatsby site to Netlify already.

          Netlify was very easy to setup and link to my GitHub account you select a repo and pretty much with very little configuration you have a live site that will deploy every time you push to master.

          With the selection of these tools I was able to build out my application, connect it to a realtime database, and deploy to a live environment all with $0 spent.

          If you're looking to build out a small app I suggest giving these tools a go as you can get your idea out into the real world for absolutely no cost.

          See more

          Context: I wanted to create an end to end IoT data pipeline simulation in Google Cloud IoT Core and other GCP services. I never touched Terraform meaningfully until working on this project, and it's one of the best explorations in my development career. The documentation and syntax is incredibly human-readable and friendly. I'm used to building infrastructure through the google apis via Python , but I'm so glad past Sung did not make that decision. I was tempted to use Google Cloud Deployment Manager, but the templates were a bit convoluted by first impression. I'm glad past Sung did not make this decision either.

          Solution: Leveraging Google Cloud Build Google Cloud Run Google Cloud Bigtable Google BigQuery Google Cloud Storage Google Compute Engine along with some other fun tools, I can deploy over 40 GCP resources using Terraform!

          Check Out My Architecture: CLICK ME

          Check out the GitHub repo attached

          See more