René Welches

TECH NOTES TO MYSELF

Securing Proxmox API Tokens with Apple Keychain Access for Terraform

Store and retrieve Proxmox credentials securely using macOS Keychain instead of plain text files

Introduction

When working with Terraform to manage Proxmox infrastructure, you need to authenticate. Proxmox offers three options: API Token, Auth Ticket, and Username/Password.

In my setup, I use API Tokens for authentication with Proxmox. The approach described here should also work with username/password combinations.

Storing these credentials in plain text files or environment variables poses security risks, especially if you accidentally commit them to version control. macOS provides a secure solution: the Keychain Access, which encrypts and manages passwords system-wide.

Posted by Rene Welches on Tuesday, December 9, 2025
Last Modified on Tuesday, January 6, 2026

Secure Home Network Access with Twingate

Alternative setup to Pi-Hole and Pi-VPN with Twingate, Home Assistant and AdGuard Home

Introduction

Today, I had a chance to try out my new Twingate setup, and I noticed that my DNS wasn’t working. In this guide, I’ll show you how to set up Twingate to access your home network resources, including how to configure DNS using AdGuard Home on Home Assistant.

In the past, I used Pi-Hole (for ad blocking/DNS) and PiVPN (with WireGuard protocol), a Google domain, and Inadyn (DDNS client) for VPN. Everything was working great until Google decided to sell their DNS business to Squarespace (not a great move, Google). To make matters worse, Squarespace doesn’t support DDNS. I was already considering switching my DNS to something like Cloudflare, but then I saw NetworkChuck promoting Twingate and decided to give it a try. And I must say, I love it.

Posted by Rene Welches on Thursday, November 13, 2025
Last Modified on Friday, December 12, 2025