Top choice for agile project management in 2025?

I’ve been using monday dev for a while and it feels like a smoother experience than jira. Curious to hear how others use it for their dev teams.

https://redd.it/1o3t8ni
@r_devops

Why their response feels like a joke | shouldn’t they be restricting users from doing such things

Response from their team.

I’ve been using this e-learning platform for quite some time for Azure sandboxes, and out of curiosity, I tried editing the RBAC roles, and guess what? I actually could! I believe that’s the platform’s fault for not disabling such actions. I did end up doing things that were outside my allowed scope, which led to my account being suspended.

I contacted their support team about it, and while I understand their point that I wasn’t supposed to do it, I still think their response wasn’t ideal. Instead of investigating how I was able to make those changes and fixing the loophole to prevent others from doing the same, they simply expect me to refrain from doing it again. That doesn’t seem like the right way to handle the situation.

I also asked (before doing this) if there were any perks for reporting such platform issues, and they replied that no such program currently exists.

https://redd.it/1o3yui3
@r_devops

Cost of Secret Management - Don't let devs bother you

# The Hidden Cost of Secret Management: Developer Productivity

Day 1, New Developer:

PM: "Connect to the staging database"
Dev: "What's the connection string?"
PM: "Ask DevOps"
Dev: Opens Slack "Hey DevOps, need staging DB credentials"
DevOps: "Check the wiki"
Dev: Finds 3-year-old wiki page
DevOps: "That's outdated, I'll DM you"
DevOps: "Wait, I'm sure I've created a Vault in a specific account/sub for that, let me send a ticket to assign you roles/permissions"
3 hours later, developer can finally start working

This happens every sprint. For every new feature. For every environment.

# The Real Problem

It's not about where secrets are stored. It's about:

❌ No traceability \- Who changed the API key? When? Why?
❌ No collaboration \- PM can't see what configs exist, DevOps doesn't know what developers need
❌ No audit trail \- Compliance asks "who accessed prod secrets?" → checks Slack history
❌ No versioning \- Which version of the app needs which secrets?
❌ Lost productivity \- 2 hours per developer per sprint hunting for credentials

# What OneSeal Changes

Treat platform outputs like code:

# DevOps: Generate from infrastructure
oneseal generate terraform.tfstate --name @company/platform-staging

# Commit to git (encrypted)
git add platform-staging/
git commit -m "feat: add new S3 bucket for uploads"
git push

# Developer: Install like any dependency
npm install @company/platform-staging

In code:

import { State } from '@company/platform-staging';

const config = await new State().initialize();
console.log(config.s3.uploadBucket); // TypeScript knows this exists
console.log(config.database.host); // Autocomplete works

# What This Enables

For Developers:

✅ Onboarding: `npm install` instead of 2-hour credential hunt
✅ No typos: config.database.host instead of process.env.DATABSE_HOST
✅ Offline work: No VPN needed for config access
✅ Self-service: No waiting on DevOps for every environment

For DevOps:

✅ Infrastructure as code → config as code (same workflow)
✅ No more "what's the bucket name?" Slack messages
✅ Deploy new infrastructure → regenerate SDK → developers get updates
✅ Revoke access: Remove public key, regenerate

For Product/Management:

✅ Git history shows what changed, when, and by whom
✅ PR reviews for configuration changes
✅ Rollback configs like code: `git revert`
✅ Audit trail: Every secret access is logged in git

For Compliance/Security:

✅ Complete audit trail (who, what, when)
✅ Environment isolation (dev keys can't decrypt prod)
✅ Asymmetric encryption (each person has own key)
✅ No shared secrets

# The Workflow

DevOps sets up once:

# Generate keypairs for team
oneseal generate-key # Per developer
oneseal generate-key --output ci.key # For CI/CD

# Generate SDK with multiple recipients
oneseal generate terraform.tfstate \
--public-key alice.pub \
--public-key bob.pub \
--public-key ci.pub \
--name @company/platform-infra

Developers consume:

// No Slack messages
// No wiki hunting
// No waiting on DevOps
import { State } from '@company/platform-infra';
const config = await new State().initialize();

Product tracks changes:

git log platform-infra/
# See exactly what changed between releases
git diff v1.0.0 v1.1.0
# Compare configurations across versions

# Security Model

Each environment has different encryption keys
Developer with staging key cannot decrypt prod secrets
Production keys only in CI/CD and production infrastructure
Cryptographic isolation, not trust-based access control

# The Result

Before OneSeal:

New feature → 2 hours getting credentials
Environment broken → hunt through Slack for config
Compliance audit → reconstruct timeline from memory
Secret rotation → update 10 places manually

After

OneSeal:

New feature → `npm install` → start coding
Environment broken → git log shows what changed
Compliance audit → export git history
Secret rotation → regenerate SDK → bump version

Think of it as bringing GitOps practices to configuration management.

Built OneSeal to solve this: github.com/oneseal-io/oneseal

Terraform/Vault → encrypted SDK → version control → developer productivity

What's your onboarding time for new developers? How do you handle config/secret distribution across teams?

https://redd.it/1o40aq1
@r_devops

Will DevOps teams become smaller because of AI?

What are your thoughts? Any prior experiences from work would also be really appreciated...

https://redd.it/1o44drt
@r_devops

What category of software am I looking for?

The requirement from the business is:

As part of our running software we want to be able to 'send events' to a central place, and have other software consume them.

These 'events' might be informational or an error that has been hit.

Not huge volume, but important and very specific info about what has happened.

Like data processing of X data item from Y provider failed because Z reason.

We then want downstream services and guis to be able to subscribe to these 'events'.

Like in the above example, we might care about more providers than others.

Originally we thought this sounds like a logging problem, but I'm having my doubts about that. Realtime/push/apis being the main thing.

The more I dig, the more it sounds like this should be a solved problem and my googling is not helping.

I google event software and get random software to help organise events.

Is this a solved problem? maybe something that sits on top of a logging platform.

https://redd.it/1o44ng1
@r_devops

Loglens - complete log analysis with easy to learn syntax

hey guys

I recently made a new tool for log analysis.

It allows you to search and query your JSONL files with a more natural language syntax than your usual SQL/jq/grep/awk filters. It has a stats command to get all the important statistics for your files, and a smart TUI that can look into any log file of any size. Much focus has gone into performance and making sure it can parse very large files. It's faster than a standard jq or gunzip pipeline for querying because of the multi core processing. You can read zipped files directly without unzipping them first as well.

It's free to try out so let me know what you think if you find this useful. I'm quick to add new features so if there's something you think the tool should definitely be able to do let me know!

https://redd.it/1o49bge
@r_devops

Need Advice in Upskilling for Network Dev Engineer/Cloud Engineer Positions

Hey y'all, I've been searching the job market for Network Engineering positions and nearly all of them require CI/CD, Terraform or IaC, and Kubernetes experience. Trouble is, coding is my worst skill and I don't use these cloud services in my day job. I can read and understand Python but don't ask me to create something. If I study these core skills will my coding match up to what is needed?

I currently have my CCNA and AWS SAA certifications. But I'm stuck on where to study and skill up in next.

I have considered the following and curious is any of these certifications will give me the core knowledge for those skills in a NDE/Cloud Engineer role.

* Cisco DevNet Associate - seems too Cisco centric
* AWS DevOps - looks like it has core skills for CloudFormation but not Terraform. Maybe CI/CD?
* CKA - I've seen this one pop-up a lot on reddit, only touches on one of the skills
* CCNP-ENCOR with CCSDWI core - SDWAN core certification - network heavy obviously but some API exam topics. After all, it is software-defined.
* If there is a crash course in Python for these skills I'm definitely open to that as well


Any feedback and guidance is appreciated

https://redd.it/1o4b5gt
@r_devops

Overemployed Setup. Share your equipment, audio streams, and KVM options.

I'm thinking about how to improve my setup to be more comfortable managing both jobs, maybe even getting another one.

I'd like to know the setups of my more experienced overemployed friends. What do they use and how do they use them? Do they listen to everything through the same headset? Do they use a sound mixer? Do they have a dedicated microphone for each job? Do they use a KVM switch?

https://redd.it/1o4dp05
@r_devops

Stop losing customers to slow load times. What's you worst bounce rate experience ?

Hii,You guys!

I want to share something with you all, for months my co-founder and i were really really losing our minds. we did spend serious money on Google Ads to bring people to our store and What! only to watch them bounce before the product image even loaded fully. We were literally paying for traffic just to frustrate people. We really tried every possible complicated speed plugin its either broke our site or made zero difference.

We eventually got so damn fed up that we decided to build the thing we actually needed and created "Website Speedy" tool because we were tried of being tied up knots over speed optimization. If your site is moving slowly, you're not just annoying the customers but you're throwing money away on Ads.

Okay has anyone else been absolutely by slow load times? And What was your biggest 'I quit' moment ? Tell me.





https://redd.it/1o4fzyk
@r_devops

What's the one of your project you're most proud of, even if it never got a ton of traction ?

Hii guys!

I have been working on a speed optimization tool ( Website Speedy ) and truthfully it can be a real grind some days and it got me thinking about all the other developers out there.

What's a project you poured your heart into? Share some of your story whether it's a website, cool command line tool, a game whatever and what you built and why it matters to you ?

https://redd.it/1o4ioo0
@r_devops

How do you test IaC nginx configs in CI before deploying?

Our team would like to store nginx configs in git and deploy them via Gitlab CI/CD + Ansible. That idea sounds pretty smart to me as it helps to follow and check any changes we want to make in nginx configs and with proper checking process it should reduce amount of errors.

My first impulse was to pass changed configs into nginx docker container in CI job and run nginx -t in it but heres a problem that I have bumped into: you cant check configs without failure if you have not exact same copy of files that you are including into configs, for example snippets, keys and etc. But this is a sensitive information and I dont want to reflect secrets in git however I also cant ignore those included files in configs because I'm going to deploy them in later stage of pipeline. My stupid idea is to store empty dummy files which nginx could open without failures so we can check syntax of configs and deploy them if checks are passed.

Im not sure that this solution is optimal. GPT gives me the same solution but maybe I could find any brilliant idea here or just learn something new. So how do you keep nginx in IaC? Do you just write new configs and instantly deploy them or do you check them beforehand and if yes how do you do that?

https://redd.it/1o4imsf
@r_devops

Diagram tools

Hi everyone, which diagram tools you use to create infrastructure diagrams? I personally like Lucid but it’s not free, alternative is Draw.io but it feels outdated. Which diagram tools would you recommend?

https://redd.it/1o4lbp8
@r_devops

AI tools in DevOps

Hi all, I am just wondering how AI tools are adopted in your DevOps teams? I feel like DevOps is critical role and tool(s) selection is crucial. In my team, on a enterprise client project, we’re limited to GitHub copilot, but I see a lot of cool AI tools that might help in everyday tasks. One good example that I miss from my previous project is OpenCommit which generates commit messages using AI. Are you currently using any AI tools and how?

https://redd.it/1o4m4u6
@r_devops

How’s the DevOps/SRE job market in India right now for experienced folks?

Hey folks,

Just wanted to check how the job scene’s been lately for people with 10+ years of experience in DevOps/SRE.

I’ve got around 13 years of hands-on experience across IaC, CI/CD, cloud platforms, automation, and monitoring. But honestly, I haven’t been getting as many interview calls lately.

I’m based in a city that’s mostly full of service-based companies, so I’ve been actively looking for remote opportunities, ideally with product-based or global companies.

Curious to know —
• How’s the market looking for senior DevOps/SRE roles?
• Are remote jobs still a thing for Indian engineers?
• Any tips on improving visibility — like where to look, how to get noticed, certifications that actually help, or any job boards that work?

Would love to hear how others are navigating this phase.

https://redd.it/1o4pwsv
@r_devops

Bulk PatchMon auto-enrolment for LXCs
https://www.reddit.com/gallery/1o4io0o

https://redd.it/1o4rqcf
@r_devops

How to bootstrap argoCD cluster with Bitwarden as a secrets manager?

So, to start things off I'm relatively new to DevOps and GitOps. I'm trying to initialize an argoCD cluster using the declarative approach. As you know, argoCD has a application spec repository whose credentials it needs to bootstrap because that's where the config files are. After reading the docs I found out the external secrets operator server needs to run HTTPS (and it recommends cert-manager for this). So, I'm trying to initialze the cluster with argoCD configs, sealed secrets and an ESO to get the secrets BUT the ESO needs https which again is cert-manager. So, other than manually installing the cert-manager outside of argo and setting it up that way how would I do it? I'm also thinking just putting secrets in a sealed secret without an ESO to bootstrap argo first and then install everything else. If I missed anything please let me know.

https://redd.it/1o4sacp
@r_devops

How to totally manage GitHub with Terraform/OpenTofu?

Basically all I need to do is like create Teams, permissions, Repositories, Branching & merge strategy, Projects (Kanban) in terraform or opentofu. How can I test it out at the first hand before testing with my org account. As we are up for setting up for a new project, thought we could manage all these via github providers.

https://redd.it/1o4s1nl
@r_devops

Centralizing GitHub repo deployments with environment variables and secrets: what is the best strategy?

I have somewhere 30+ repos that use a .py noscript to deploy the code via GitHub Actions. The .py file is the same in every repo, except the passed environment variables and secrets from GitHub Repository configuration. Nevertheless, there exists a hassle to change all repos after every change made to the .py file. But it wasn't too much of work until now that I decide to tackle it.

I am thinking about "consolidating" it such that:
- There is a single repo that serves as the "deployment code" for other repos
- Other repos will connect and use the .py file in that template repo to deploy code

Is this a viable approach? Additionally, if I check out two times to both repo, will the connection to the service originated from the child repo, or the template repo?

Any other thought is appreciated.

https://redd.it/1o506dx
@r_devops

Built a Claude Code plugin for Google Genkit with 6 commands + VS Code extension

I built a plugin that adds /genkit-init, /genkit-run, /genkit-flow (with RAG/Chat/Tool templates), /genkit-deploy, and /genkit-doctor commands.
Also published a VS Code extension with the same features + code snippets and a Genkit Explorer sidebar.
Quick install:
• Claude Code: /plugin marketplace add https://github.com/amitpatole/claude-genkit-plugin.git
• VS Code: ext install amitpatole.genkit-vscode
Supports TypeScript, JS, Go, Python. Works with Claude, Gemini, GPT, and local models. Deploys to Cloud Run, Vercel, Docker, etc. Comes with a specialized @genkit-assistant that knows Genkit inside-out.
Built 34 plugins total (test generation, monitoring, image/audio/video, vector DBs, etc.) - all MIT licensed.
GitHub: https://github.com/amitpatole/claude-genkit-plugin
Would love feedback from the community!

https://redd.it/1o51vkq
@r_devops

AWS to GCP Migration Case Study: Zero-Downtime ECS to GKE Autopilot Transition, Secure VPC Design, and DNS Lessons Learned

Just wrapped up a hands-on AWS to GCP migration for a startup, swapping ECS for GKE Autopilot, S3 for GCS, RDS for Cloud SQL, and Route 53 for Cloud DNS across dev and prod environments. We achieved near-zero downtime using Database Migration Service (DMS) with continuous replication (32 GB per environment) and phased DNS cutovers, though we did run into a few interesting SSL validation issues with Ingress.

Key wins:

* Strengthened security with private VPC subnets, public subnets backed by Cloud NAT, and SSL-enforced Memorystore Redis.
* Bastion hosts restricted to debugging only.
* GitHub Actions CI/CD integrated via Workload Identity Federation for frictionless deployments.

If you’re planning a similar lift-and-shift, check out the full step-by-step breakdown and architecture diagrams in my latest Medium article.
[Read the full article on Medium](https://medium.com/@rasvihostings/migrating-a-startup-from-aws-to-gcp-a-step-by-step-journey-efeb2bc20334)

What migration war stories do you have? Did you face challenges with Global Load Balancer routing or VPC peering?
I’d love to hear how others navigated the classic “chicken-and-egg” DNS swap problem.

**(I led this project happy to answer any questions!)**

https://redd.it/1o5044g
@r_devops