Is it possible HTTP Public Key Pinning on shared servers? - pinning

Is it possible HTTP Public Key Pinning (HPKP) on shared servers?
How to make this using php?

Related

Is there a way to specify different credentials for multi container app services?

I'm using a multi-container app service where my docker compose needs to retrieve one image from a public repository and another from a private repository, Azure's one
I noticed that if I set the token in configuration settings, its used in both requests, one to the public and one to the private repository.
Is there a way to specify which token gets used so we don't unnecessarily send tokens to public sites?

how to get private key of Github Pages auto issued HTTPS certificate

Github pages custom domain service automatically issue a Let’s Encrypt SSL certificate for https connection. my problem is, how to get the private key of this certificate? is it possible?
if the certificate is obtained by myself, the private key locate in /etc/letsencrypt/live, but github pages seem not support self obtained certificate.
That feature has been proposed since May 2018, and is part of the "Securing your GitHub Pages site with HTTPS"
It is a server-side (github.io) feature, which means the private key remains... private, on the server.
It should therefore not be possible to get it back.

Metamask private Key

i'm working on an Electron application with Metamask.
I need the private Key from the account in Metamask to use it in my application. Is there an easy way to get the private key imported into my application with an api call (with entering the password)?
Thanks
No, because that would violate entire security model of metamask.

How to use OAuth2.0 to authorize Google Container Engine APIs

I am trying to make a call using the Google Container Engine API via my browser. I have created both a client ID and the public API access key.
When I try to use the public API access key, I always get unuauthorized:
https://www.googleapis.com/container/v1beta1/projects/cohesive-feat-92204/clusters?fields=clusters%2FmasterAuth&key=XXXXXXXXXXXXXXX
(where XXXXX... is my key)
Is there a document that describes all the required values for the call? How you specify the client ID and the client secret etc...where you put in the scope, etc...
This link https://cloud.google.com/container-engine/docs/v1beta1/libraries gives me a 404
This is the same question as Google Container Engine REST API Authorization and the answer is that a public API access key cannot be used to access the Google Container Engine API.

Securely storage

My app contain a security key which I need to send every time I call web service.
The code is not provided by the user, it's in the code and it won't be changed.
For now I store the key as a string in code.
I need to store it somewhere, the ideal solution would be .config file where I could store it in appSettings and I could also encode the file. I know that there is not such a file available in WP, but what is the WP alternative.
Do you know any way I can securely store the security key?
Thanks in advance.
Instead of securely storing the key with your xap, use your server to distribute key to the app.
When your app opens for the first time, get the key from server, encrypt it and store it in IsolatedStorageSettings. For subsequent app sessions, decrypt and use the same.
The current scenario is, all XAPs on store are encrypted and there is no way to get access to your dll without interop unlock. However, if you are not doing a Silverlight application and instead do a WinRT application, the APPX package is not encrypted and anyone can download it from the store.
If you are going with a Silverlight app, it is secure enough to put the key in IsolatedStorageSettings after encrypting. If it is a WinRT app, you can get the key from your server.