r/DevOpsLinks

Certificate Lifecycle management
▲ 15 r/DevOpsLinks+3 crossposts

Certificate Lifecycle management

hi Guys,
I appreciate the time if you read all of this.
Certificates are one of those things that only get attention when they break something.

An internal service stops working.

A browser starts throwing trust warnings.

A customer-facing cert expires.

Someone asks where the private key is.

Nobody is quite sure who uploaded it, who can access it, or what else depends on it.

That’s the problem CertLocker is trying to solve.

CertLocker is a certificate and access control platform for teams running real infrastructure. The certificate side is built around visibility, control, and lifecycle management rather than just storing PEM

files somewhere and hoping everyone remembers renewal dates.

What CertLocker supports today:

- certificate inventory with search, paging, sorting, and group filters

- upload and management of PEM/CRT certificates

- optional private key storage with protected read paths

- certificate parsing for domains, SANs, issuer, validity dates, and fingerprints

- expiry tracking, including days-until-expiry visibility

- active, expired, and revoked status handling

- certificate download for authorized users

- certificate deletion for authorized users

- certificate tokens for controlled access workflows

- group-scoped certificate visibility

- role-based permissions for viewing, adding, downloading, and deleting certs

- audit logging around certificate actions

- dashboard visibility for renewable/expiring assets

- ACME workflow support for automated certificate operations

- DNS provider management for certificate automation workflows

The bigger idea is that certificates should not be treated as loose files.

They usually sit next to secrets, hosts, SSH access, bastions, service accounts, deployment scripts, and human operators. CertLocker connects those pieces together so a certificate is a managed asset with

ownership, permissions, expiry, audit history, and controlled access.

We're offering free registration and management here trust.certlocker.io
And we do offer an on-prem model. But you can check out the blog as well I'm pretty active and you can see the problems we are solving https://certlocker.io/blog/

u/SuccessFearless2102 — 1 day ago
▲ 333 r/DevOpsLinks+69 crossposts

I built an open-source, self-hosted AI gateway: 237 providers (90+ free), auto-fallback combos, and a 10-engine token-compression pipeline (MIT)

Builders-welcome post with the substance up front (disclosure: I'm the maintainer). OmniRoute is a free, MIT, self-hosted AI gateway — one OpenAI-compatible endpoint over 237 providers — built around two problems: runs dying on a provider 429, and tokens bleeding on tool/log output.

One endpoint, 237 providers — 90+ of them free. You point any tool or agent at a single OpenAI-compatible endpoint (localhost:20128/v1) and it can reach 237 LLM providers without you rewriting anything. 90+ have free tiers and 11 are free forever (no card), which aggregates to ~1.6B documented free tokens/month — and that's honest, pool-deduped math (we count each shared pool once instead of inflating it; the methodology is public in the repo). There's a one-command setup-* for 13+ coding tools (Claude Code, Codex, Cursor, Cline, Roo, Kilo, Gemini CLI…), so switching your existing setup over takes seconds.

Fallback combos — so it never stops mid-task. A "combo" is a ladder of models the router walks automatically: your subscription first, then API keys, then cheap models, then free ones. When a provider returns a 500 or you hit a rate limit, it slides to the next target in milliseconds, mid-request, and your tool never even sees the error. There are 17 routing strategies (priority, weighted, round-robin, cost-optimized, auto/coding:fast…) plus three resilience layers — a per-provider circuit breaker, a per-key cooldown, and a per-model lockout — so one dead key can't take down a whole provider.

Fusion — an ensemble mode for the hard steps. Beyond simple routing, there's a fusion strategy that fans a single prompt out to a panel of different models in parallel and then has a judge model synthesize one best answer (mixture-of-agents, built in). It's cost-aware, so easy turns stay on one fast model and it only fuses when the step is worth it.

A 10-engine compression pipeline — the part most routers don't have. Every request flows through a transparent compression pass you can toggle/stack per combo. Instead of one trick, it stacks the best of the open-source ecosystem: RTK filters command/tool output (git diffs, test logs, builds) at 60–90%, Microsoft's LLMLingua-2 does ML semantic pruning, Caveman handles prose, session-dedup strips repeats across turns. Critically, code, URLs and JSON are preserved byte-perfect, and a default-on inflation guard throws the compressed version away and sends the original if compressing would actually grow the prompt — it never makes things worse. On tool-heavy sessions that's ~89% average input-token reduction (an 8k-token git diff becomes a few hundred). Full credit to every upstream project (RTK, Caveman, LLMLingua-2, Troglodita) is in the README.

Agent-native — the agent can drive the router itself. There's a built-in MCP server (95 tools across 30 audited scopes, over stdio / SSE / streamable-HTTP), plus A2A (v0.3, JSON-RPC 2.0) support. That means an agent can query providers, switch combos, read its own remaining quota and manage memory through the gateway — not just consume tokens through it.

It's 100% local (zero telemetry, AES-256-GCM at rest), MIT-licensed, has a prompt-injection guard on every LLM route, opt-in memory, and runs on npm, Docker, desktop or your phone via Termux.

For context on whether it's worth your time: it's grown to ~9.8K GitHub stars, 1,490+ forks and 280+ contributors in ~4.5 months, with 21,000+ automated tests and 1,830+ issues closed — so it's a battle-tested project, not a brand-new experiment.

npm install -g omniroute

GitHub: https://github.com/diegosouzapw/OmniRoute · Site: https://omniroute.online

Would value a critique of the routing/compression architecture from this crowd.

u/ZombieGold5145 — 3 days ago
▲ 1 r/DevOpsLinks+1 crossposts

New to DevOps – What Should I Learn Next?

Hi everyone,
I’m new to the DevOps world and have recently started my learning journey.
So far, I’ve learned:
Docker
Git
GitHub
GitLab
Now I’m a bit confused about what to learn next. There are so many technologies and roadmaps available that it’s hard to know what to prioritize.
If you were starting from scratch today, what would you recommend learning next? Should I focus on:
Linux
Kubernetes
CI/CD (Jenkins, GitHub Actions, GitLab CI)
Terraform
Ansible
AWS/Azure/GCP
Monitoring tools like Prometheus and Grafana
Could you also share the roadmap that helped you become a DevOps engineer? I’d really appreciate any advice, learning resources, or personal experiences.
Thanks in advance for your guidance!

reddit.com
u/Own-Combination-3853 — 5 days ago
▲ 10 r/DevOpsLinks+2 crossposts

I Updated My Database Backup Guide with a Config Generator Tool. Perfect for self hosted Laravel.

I refreshed my most-read article on automated database backups with Docker Compose. The underlying image moved to nfrastack/container-db-backup, so I updated the whole guide with the new multi-job config format. I also built a little JavaScript configurator that generates docker-compose and .env files on the fly. If you run multiple Laravel projects and want scheduled backups without manual copy-paste, this might save you some time.

https://danielpetrica.com/easy-database-backups-with-docker-compose/

u/HolyPad — 4 days ago
▲ 4 r/DevOpsLinks+1 crossposts

We are building Ai-powered infrastructure so, need to clarify doubts regarding infrastructure requests.

I hope you don't mind me reaching out. I'm trying to better understand how platform and DevOps teams manage infrastructure requests, and I'd really appreciate your perspective.

If you have a minute, could you please share:

- Roughly how many infrastructure requests your team handles in a typical day or week?
- What types of requests you see most often?
- Which part of handling those requests tends to take the most time?

Even a brief reply would be incredibly helpful. Thanks so much!

reddit.com
u/Rakesh_Nalla — 4 days ago
▲ 0 r/DevOpsLinks+2 crossposts

It is 2026 and I am still building a private module registry :)

Most registries seem optimized for formal repository setup, official releases, and strict SemVer requirements. In practice, I often just want to publish a module from a PR, share it with a team, and iterate quickly. S3 or Git could be a solution but lack features of a central registry, like visibility control and analytics.

So I built Unmold. It supports CLI-based publishing, direct CI/CD integration, and non-SemVer versions while remaining compatible with the Terraform/OpenTofu registry spec.

It's especially useful for development snapshots, testing, and pre-release modules.

Take a look: https://unmold.dev

Note: this is still a very early-stage project, so feedback is greatly appreciated.

unmold.dev
u/OddyJoe — 13 days ago