Secure Developer Machine Setup Guide: Complete Environment with Security Best Practices
Setting up a new development machine can be overwhelming, but having the right tools configured properly makes all the difference in productivity. This guide will walk you through setting up a complete development environment optimized for DevOps, cloud development, and infrastructure automation.
Security First Approach: This guide emphasizes security best practices throughout the setup process. Every tool and configuration choice includes security considerations to protect your development environment, code, and cloud resources.
Whether you’re on macOS, Windows with WSL, or Ubuntu LTS, this guide covers everything you need to get started with Git, Bash, Terraform, and AWS CLI.
Prerequisites
Before we begin, ensure you have:
- A fresh installation of your operating system
- Administrator/root access
- Internet connection
- Basic command-line familiarity
Security Foundations
Why Security Matters in Development
Your development environment is the gateway to production systems. A compromised development machine can lead to:
- Data breaches through exposed credentials
- Malware infection of production systems
- Unauthorized access to cloud resources
- Code injection vulnerabilities in deployed applications
Security Principle: “Secure the development environment to secure production.”
Core Security Practices
- Least Privilege: Use minimal required permissions
- Defense in Depth: Multiple security layers
- Zero Trust: Verify everything, trust nothing
- Secure Defaults: Start with security enabled
- Regular Updates: Patch known vulnerabilities
- Credential Management: Never store secrets in code
Security Tools We’ll Configure
- SSH Keys: Secure authentication without passwords
- GPG: Code signing and commit verification
- AWS IAM: Least privilege access management
- VS Code Security: Secure coding practices
- Firewall Rules: Network access control
- Backup Encryption: Protect sensitive data
1. System Updates and Package Managers
macOS
# Update macOS
sudo softwareupdate -i -a
# Install Homebrew (if not already installed)
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
# Update Homebrew
brew update
Windows WSL (Ubuntu)
# Update Ubuntu packages
sudo apt update && sudo apt upgrade -y
# Install essential build tools
sudo apt install -y build-essential curl wget git unzip
Ubuntu LTS
# Update system packages
sudo apt update && sudo apt upgrade -y
# Install essential tools
sudo apt install -y build-essential curl wget git unzip software-properties-common
Security Considerations for System Updates
Why we update immediately:
- Patch known vulnerabilities before they can be exploited
- Close security gaps in the operating system
- Prevent malware infection through unpatched software
Security best practices:
- Enable automatic updates where possible
- Review changelogs for security implications
- Test updates in development before production
- Maintain backup before major system updates
Package manager security:
- Verify package signatures (built into apt, Homebrew)
- Use official repositories only
- Avoid unsigned packages from untrusted sources
- Regularly audit installed packages for vulnerabilities
2. Git Setup with SSH
Generate SSH Key (All Platforms)
# Generate a new SSH key pair
ssh-keygen -t ed25519 -C "your.email@example.com" -f ~/.ssh/id_ed25519 -N ""
# Start the SSH agent
eval "$(ssh-agent -s)"
# Add your SSH private key to the agent
ssh-add ~/.ssh/id_ed25519
Copy Public Key to Clipboard
macOS:
# Copy to clipboard
pbcopy < ~/.ssh/id_ed25519.pub
Windows WSL:
# Copy to clipboard (requires xclip)
sudo apt install -y xclip
xclip -sel clip < ~/.ssh/id_ed25519.pub
Ubuntu:
# Copy to clipboard (requires xclip)
sudo apt install -y xclip
xclip -sel clip < ~/.ssh/id_ed25519.pub
Configure Git
# Set your Git configuration
git config --global user.name "Your Name"
git config --global user.email "your.email@example.com"
# Set default branch to main
git config --global init.defaultBranch main
# Enable credential helper
git config --global credential.helper store
# Set up useful aliases
git config --global alias.co checkout
git config --global alias.br branch
git config --global alias.ci commit
git config --global alias.st status
Test SSH Connection
# Test GitHub connection
ssh -T git@github.com
# Test GitLab connection (if using GitLab)
ssh -T git@gitlab.com
Security Considerations for Git and SSH
SSH Key Security:
- Use Ed25519 keys (more secure than RSA, faster)
- Protect private keys with strong passphrases
- Never share private keys or commit them to repositories
- Use different keys for different services (GitHub, GitLab, servers)
- Regularly rotate keys (annually or when compromised)
Why SSH over passwords:
- No password transmission over network
- Cryptographic authentication (mathematically secure)
- Prevents brute force attacks
- Supports certificate authorities for enterprise
Git Security Best Practices:
- Sign commits with GPG for authenticity verification
- Use .gitignore to prevent credential leaks
- Avoid storing secrets in Git history
- Regular security audits of repositories
- Enable branch protection rules in organizations
Credential Management:
- Never store passwords in Git config
- Use SSH agents with proper timeouts
- Implement credential helpers securely
- Regular credential rotation
3. Bash Configuration with Aliases and Completion
Create Bash Profile (All Platforms)
# Create or edit .bashrc
touch ~/.bashrc
Add the following to your ~/.bashrc:
# Enable bash completion
if [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
# Set history settings
export HISTSIZE=10000
export HISTFILESIZE=20000
export HISTCONTROL=ignoredups:ignorespace
shopt -s histappend
# Set editor
export EDITOR=nano
export VISUAL=nano
# Set PATH
export PATH="$HOME/bin:$HOME/.local/bin:$PATH"
# Custom aliases
alias ..='cd ..'
alias ...='cd ../..'
alias ....='cd ../../..'
alias ls='ls --color=auto'
alias ll='ls -alF'
alias la='ls -A'
alias l='ls -CF'
alias grep='grep --color=auto'
alias fgrep='fgrep --color=auto'
alias egrep='egrep --color=auto'
# Git aliases
alias gs='git status'
alias ga='git add'
alias gc='git commit'
alias gp='git push'
alias gl='git log --oneline'
alias gd='git diff'
alias gb='git branch'
# Terraform aliases
alias tf='terraform'
alias tfi='terraform init'
alias tfp='terraform plan'
alias tfa='terraform apply'
alias tfd='terraform destroy'
# AWS aliases
alias aws-whoami='aws sts get-caller-identity'
# Navigation aliases
alias dev='cd ~/dev'
alias docs='cd ~/Documents'
alias dl='cd ~/Downloads'
# Utility functions
mkcd() {
mkdir -p "$1" && cd "$1"
}
# Set prompt
PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
# Load additional configurations
if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi
Platform-Specific Bash Setup
macOS:
# Add to ~/.bash_profile
echo 'if [ -f ~/.bashrc ]; then . ~/.bashrc; fi' >> ~/.bash_profile
# Install bash-completion
brew install bash-completion
# Add to ~/.bashrc
echo '[ -f /usr/local/etc/bash_completion ] && . /usr/local/etc/bash_completion' >> ~/.bashrc
Windows WSL:
# Install bash-completion
sudo apt install -y bash-completion
# Source bashrc in bash_profile
echo 'if [ -f ~/.bashrc ]; then . ~/.bashrc; fi' >> ~/.bash_profile
Ubuntu:
# Install bash-completion (usually pre-installed)
sudo apt install -y bash-completion
# Ensure completion is loaded
echo '. /etc/bash_completion' >> ~/.bashrc
Security Considerations for Bash Configuration
Shell Security Best Practices:
- Limit command history to prevent credential leaks
- Use secure PATH settings (avoid world-writable directories)
- Implement session timeouts for idle terminals
- Avoid storing secrets in environment variables
- Use strong aliases that don’t expose sensitive information
Why secure shell configuration:
- Command history attacks: Malicious actors can extract credentials from bash_history
- PATH hijacking: Attackers can place malicious binaries in PATH
- Environment variable exposure: Secrets in env vars can be leaked
- Session hijacking: Idle sessions can be taken over
Security-focused aliases and functions:
- Audit commands: Log sensitive operations
- Safe file operations: Prevent accidental overwrites
- Credential validation: Check for exposed secrets
- Network security: Use secure connection defaults
History security:
- Exclude sensitive commands from history
- Encrypt history files when possible
- Regular history cleanup of old entries
- Monitor history access for suspicious activity
4. Terraform Installation and Setup
macOS
# Install Terraform using Homebrew
brew tap hashicorp/tap
brew install hashicorp/tap/terraform
# Verify installation
terraform version
Windows WSL
# Download and install Terraform
wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com jammy main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install terraform
# Verify installation
terraform version
Ubuntu LTS
# Add HashiCorp repository
wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install terraform
# Verify installation
terraform version
Terraform Configuration
# Create Terraform directory
mkdir -p ~/.terraform.d
# Create CLI configuration file
cat > ~/.terraform.d/credentials.tfrc.json << EOF
{
"credentials": {
"app.terraform.io": {
"token": "your-terraform-cloud-token-here"
}
}
}
EOF
# Set environment variables
echo 'export TF_CLI_CONFIG_FILE=~/.terraform.d/credentials.tfrc.json' >> ~/.bashrc
# Initialize terraform autocomplete
terraform -install-autocomplete
Security Considerations for Terraform
Infrastructure as Code Security:
- Never commit secrets to Terraform state or code
- Use remote state with proper access controls
- Implement state locking to prevent concurrent modifications
- Regular state backups with encryption
Why secure Terraform setup:
- State file exposure: Contains all infrastructure secrets
- Provider credentials: Can compromise cloud accounts
- Configuration drift: Unauthorized infrastructure changes
- Supply chain attacks: Malicious Terraform providers
Terraform Cloud Security:
- Use Terraform Cloud for remote execution
- Implement workspace permissions (least privilege)
- Enable Sentinel policies for governance
- Use private registries for modules
- Regular token rotation for API access
Local Development Security:
- Isolated environments for testing
- State encryption at rest
- Audit logging of all operations
- Version pinning for providers and modules
- Code signing for critical infrastructure
Credential Management:
- Environment variables over config files
- Short-lived tokens instead of long-term keys
- Multi-factor authentication for cloud accounts
- Regular credential audits and rotation
5. AWS CLI Installation and Configuration
macOS
# Install AWS CLI v2
curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
sudo installer -pkg AWSCLIV2.pkg -target /
# Verify installation
aws --version
Windows WSL
# Download and install AWS CLI v2
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
# Verify installation
aws --version
Ubuntu LTS
# Download and install AWS CLI v2
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
# Verify installation
aws --version
AWS CLI Configuration
# Configure AWS CLI
aws configure
# You'll be prompted for:
# AWS Access Key ID: [your-access-key]
# AWS Secret Access Key: [your-secret-key]
# Default region name: us-east-1
# Default output format: json
# Set up AWS CLI completion
echo 'complete -C aws_completer aws' >> ~/.bashrc
# Create AWS profile for different environments
aws configure --profile dev
aws configure --profile staging
aws configure --profile prod
# Set default profile
echo 'export AWS_PROFILE=dev' >> ~/.bashrc
Security Considerations for AWS CLI
AWS Credential Security:
- Never store credentials in version control
- Use IAM roles instead of access keys when possible
- Implement MFA for all AWS accounts
- Regular credential rotation (every 90 days)
- Use temporary credentials with STS
Why secure AWS setup:
- Account compromise: Attackers can access all cloud resources
- Data breaches: Exposed S3 buckets, databases, etc.
- Financial loss: Unauthorized resource usage
- Compliance violations: SOX, HIPAA, GDPR breaches
AWS CLI Security Best Practices:
- Profile-based configuration for different environments
- Environment variables over config files for CI/CD
- AWS Vault or similar tools for credential management
- Regular audit of AWS access and usage
- Least privilege principle for all IAM policies
Multi-Account Strategy:
- Separate AWS accounts for dev/staging/prod
- Cross-account roles with limited permissions
- Account boundaries to contain breaches
- Centralized logging with CloudTrail
- Resource tagging for cost and security tracking
Network Security:
- VPC-only resources where possible
- Security groups with minimal required access
- HTTPS-only communication
- API Gateway for external access control
6. Visual Studio Code Setup and Configuration
Visual Studio Code is the most popular code editor for DevOps and cloud development. This section covers installation, essential extensions, workspace configuration, and productivity settings.
Installation
macOS
# Install VS Code using Homebrew
brew install --cask visual-studio-code
# Or download from official website
# https://code.visualstudio.com/download
# Verify installation
code --version
Windows
# Download and install from official website
# https://code.visualstudio.com/download
# Or use Chocolatey (if installed)
choco install vscode
# Verify installation
code --version
Windows WSL
# Install VS Code on Windows, then install WSL extension
# The WSL extension allows you to use VS Code on Windows to edit files in WSL
# From Windows PowerShell/Command Prompt:
code --install-extension ms-vscode-remote.remote-wsl
Essential Extensions for DevOps & Cloud Development
Install these extensions for a complete development environment:
# Core Development
code --install-extension ms-vscode.vscode-typescript-next
code --install-extension ms-python.python
code --install-extension ms-vscode.vscode-json
# DevOps & Infrastructure as Code
code --install-extension hashicorp.terraform
code --install-extension hashicorp.hcl
code --install-extension ms-azuretools.vscode-docker
code --install-extension ms-vscode.vscode-yaml
code --install-extension redhat.vscode-yaml
code --install-extension ms-kubernetes-tools.vscode-kubernetes-tools
# Cloud Providers
code --install-extension amazonwebservices.aws-toolkit-vscode
code --install-extension ms-azuretools.vscode-azurefunctions
code --install-extension googlecloudtools.cloudcode
# Git & Version Control
code --install-extension eamodio.gitlens
code --install-extension github.copilot
code --install-extension github.copilot-chat
code --install-extension github.vscode-pull-request-github
# Terminal & Shell
code --install-extension ms-vscode.vscode-terminal-here
code --install-extension tyriar.shell-launcher
# Productivity & UI
code --install-extension ms-vscode.vscode-icons
code --install-extension pkief.material-icon-theme
code --install-extension dracula-theme.theme-dracula
code --install-extension github.github-vscode-theme
# Code Quality & Linting
code --install-extension ms-vscode.vscode-eslint
code --install-extension esbenp.prettier-vscode
code --install-extension ms-python.black-formatter
code --install-extension hashicorp.terraform-ls
# Documentation & Markdown
code --install-extension yzhang.markdown-all-in-one
code --install-extension davidanson.vscode-markdownlint
# Remote Development
code --install-extension ms-vscode-remote.remote-ssh
code --install-extension ms-vscode-remote.remote-containers
code --install-extension ms-vscode-remote.remote-wsl
VS Code Settings Configuration
Create comprehensive settings for optimal DevOps development:
User Settings (settings.json)
macOS: Cmd + Shift + P → “Preferences: Open User Settings (JSON)”
Windows: Ctrl + Shift + P → “Preferences: Open User Settings (JSON)”
{
// Editor Configuration
"editor.fontSize": 14,
"editor.fontFamily": "'JetBrains Mono', 'Fira Code', 'Cascadia Code', Consolas, monospace",
"editor.fontLigatures": true,
"editor.tabSize": 2,
"editor.insertSpaces": true,
"editor.detectIndentation": true,
"editor.trimAutoWhitespace": true,
"editor.formatOnSave": true,
"editor.formatOnPaste": true,
"editor.codeActionsOnSave": {
"source.fixAll.eslint": "explicit",
"source.organizeImports": "explicit"
},
"editor.minimap.enabled": true,
"editor.renderWhitespace": "boundary",
"editor.bracketPairColorization.enabled": true,
"editor.guides.bracketPairs": true,
"editor.suggestSelection": "first",
// Terminal Configuration
"terminal.integrated.fontSize": 13,
"terminal.integrated.fontFamily": "'JetBrains Mono', 'Fira Code', monospace",
"terminal.integrated.shell.osx": "/bin/zsh",
"terminal.integrated.shell.windows": "C:\\Program Files\\Git\\bin\\bash.exe",
"terminal.integrated.shell.linux": "/bin/bash",
"terminal.integrated.defaultProfile.windows": "Git Bash",
"terminal.integrated.defaultProfile.osx": "zsh",
"terminal.integrated.defaultProfile.linux": "bash",
// File Associations
"files.associations": {
"*.tf": "terraform",
"*.tfvars": "terraform",
"*.hcl": "hcl",
"Dockerfile*": "dockerfile",
"*.yml": "yaml",
"*.yaml": "yaml"
},
// Exclude Files
"files.exclude": {
"**/.git": true,
"**/.DS_Store": true,
"**/node_modules": true,
"**/.terraform": true,
"**/*.tfstate*": true,
"**/.aws": true
},
// Search Configuration
"search.exclude": {
"**/node_modules": true,
"**/.terraform": true,
"**/*.tfstate*": true,
"**/dist": true,
"**/build": true
},
// Git Configuration
"git.enableSmartCommit": true,
"git.confirmSync": false,
"git.autofetch": true,
"gitlens.showWelcomeOnInstall": false,
"gitlens.showWhatsNewAfterUpgrades": false,
// Terraform Configuration
"terraform.languageServer.enable": true,
"terraform.languageServer.args": ["serve"],
"terraform.experimentalFeatures.validateOnSave": true,
// Python Configuration
"python.defaultInterpreterPath": "python3",
"python.linting.enabled": true,
"python.linting.pylintEnabled": true,
"python.formatting.provider": "black",
"python.formatting.blackArgs": ["--line-length", "88"],
// Docker Configuration
"docker.showStartPage": false,
// AWS Configuration
"aws.profile": "dev",
"aws.telemetry": false,
// Theme and Appearance
"workbench.iconTheme": "material-icon-theme",
"workbench.colorTheme": "GitHub Dark",
"workbench.preferredDarkColorTheme": "GitHub Dark",
"workbench.preferredLightColorTheme": "GitHub Light",
// Window Configuration
"window.zoomLevel": 0,
"window.restoreWindows": "all",
// Workspace Configuration
"workbench.editor.enablePreview": false,
"workbench.editor.showTabs": "multiple",
"workbench.editor.tabCloseButton": "left",
// Extensions Configuration
"extensions.ignoreRecommendations": false,
"extensions.showRecommendationsOnlyOnDemand": false,
// Telemetry (optional)
"telemetry.telemetryLevel": "off",
// Security
"security.workspace.trust.enabled": true,
"security.workspace.trust.banner": "always"
}
Workspace-Specific Configuration
Create .vscode directory in your project root with these files:
.vscode/settings.json (Project-specific overrides)
{
// Project-specific settings
"terraform.workspace.root": "${workspaceFolder}",
"python.pythonPath": "./venv/bin/python",
"python.linting.pylintArgs": ["--rcfile=.pylintrc"],
// Environment-specific configurations
"aws.profile": "${workspaceFolderBasename}",
// Task configurations
"task.allowAutomaticTasks": "on",
// Testing configurations
"python.testing.pytestArgs": ["tests"]
}
.vscode/tasks.json (Build and automation tasks)
{
"version": "2.0.0",
"tasks": [
{
"label": "Terraform: Init",
"type": "shell",
"command": "terraform",
"args": ["init"],
"group": {
"kind": "build",
"isDefault": true
},
"presentation": {
"echo": true,
"reveal": "always",
"focus": false,
"panel": "shared"
},
"problemMatcher": "$tsc"
},
{
"label": "Terraform: Validate",
"type": "shell",
"command": "terraform",
"args": ["validate"],
"group": "test",
"presentation": {
"echo": true,
"reveal": "always",
"focus": false,
"panel": "shared"
}
},
{
"label": "Terraform: Plan",
"type": "shell",
"command": "terraform",
"args": ["plan"],
"group": "build",
"presentation": {
"echo": true,
"reveal": "always",
"focus": false,
"panel": "shared"
}
},
{
"label": "AWS: Configure Profile",
"type": "shell",
"command": "aws",
"args": ["configure", "sso"],
"group": "build",
"presentation": {
"echo": true,
"reveal": "always",
"focus": false,
"panel": "shared"
}
},
{
"label": "Python: Create Virtual Environment",
"type": "shell",
"command": "python3",
"args": ["-m", "venv", "venv"],
"group": "build",
"presentation": {
"echo": true,
"reveal": "always",
"focus": false,
"panel": "shared"
}
}
]
}
.vscode/launch.json (Debug configurations)
{
"version": "0.2.0",
"configurations": [
{
"name": "Python: Current File",
"type": "python",
"request": "launch",
"program": "${file}",
"console": "integratedTerminal",
"justMyCode": true
},
{
"name": "Python: Django",
"type": "python",
"request": "launch",
"program": "${workspaceFolder}/manage.py",
"args": ["runserver"],
"django": true,
"console": "integratedTerminal"
},
{
"name": "Terraform: Debug",
"type": "terraform",
"request": "launch",
"name": "Debug Terraform",
"stopOnEntry": true,
"showDevDebugOutput": true
}
]
}
.vscode/extensions.json (Recommended extensions for the project)
{
"recommendations": [
"hashicorp.terraform",
"ms-python.python",
"amazonwebservices.aws-toolkit-vscode",
"ms-vscode.vscode-docker",
"ms-kubernetes-tools.vscode-kubernetes-tools",
"eamodio.gitlens",
"esbenp.prettier-vscode",
"ms-vscode.vscode-yaml"
],
"unwantedRecommendations": [
"ms-vscode.vscode-typescript-next",
"ms-vscode.vscode-json"
]
}
Custom Keybindings
keybindings.json (Keyboard shortcuts)
macOS: Cmd + Shift + P → “Preferences: Open Keyboard Shortcuts (JSON)”
Windows: Ctrl + Shift + P → “Preferences: Open Keyboard Shortcuts (JSON)”
[
// Terminal shortcuts
{
"key": "ctrl+shift+`",
"command": "workbench.action.terminal.new",
"when": "terminalProcessSupported || terminalWebExtensionContributedProfile"
},
{
"key": "ctrl+shift+c",
"command": "workbench.action.terminal.copySelection",
"when": "terminalFocus && terminalTextSelected"
},
{
"key": "ctrl+shift+v",
"command": "workbench.action.terminal.paste",
"when": "terminalFocus"
},
// Git shortcuts
{
"key": "ctrl+shift+g",
"command": "gitlens.showQuickCommitFileDetails"
},
{
"key": "ctrl+shift+b",
"command": "gitlens.showFileHistory"
},
// Terraform shortcuts
{
"key": "ctrl+shift+i",
"command": "terraform.init",
"when": "editorLangId == terraform"
},
{
"key": "ctrl+shift+p",
"command": "terraform.plan",
"when": "editorLangId == terraform"
},
// Multi-cursor shortcuts
{
"key": "ctrl+shift+l",
"command": "editor.action.selectHighlights",
"when": "editorFocus"
},
// Navigation shortcuts
{
"key": "ctrl+shift+o",
"command": "workbench.action.quickOpen"
},
{
"key": "ctrl+shift+f",
"command": "workbench.action.findInFiles"
}
]
VS Code CLI Integration
Add VS Code to your PATH and create useful aliases:
macOS
# Add to ~/.zshrc or ~/.bashrc
export PATH="$PATH:/Applications/Visual Studio Code.app/Contents/Resources/app/bin"
# VS Code aliases
alias code.='code .'
alias codei='code --install-extension'
alias codeu='code --uninstall-extension'
alias codel='code --list-extensions'
Windows
:: Add to PATH (System Environment Variables)
;C:\Users\%USERNAME%\AppData\Local\Programs\Microsoft VS Code\bin
:: Or use PowerShell
[Environment]::SetEnvironmentVariable("Path", $env:Path + ";C:\Users\$env:USERNAME\AppData\Local\Programs\Microsoft VS Code\bin", "User")
# Add to ~/.bashrc (Git Bash/WSL)
export PATH="$PATH:/c/Users/$USER/AppData/Local/Programs/Microsoft VS Code/bin"
# VS Code aliases
alias code.='code .'
alias codei='code --install-extension'
alias codeu='code --uninstall-extension'
alias codel='code --list-extensions'
Sync Settings Across Machines
Set up Settings Sync for consistent configuration:
- Sign in to GitHub:
Ctrl+Shift+P→ “GitHub: Sign In” - Enable Settings Sync:
Ctrl+Shift+P→ “Settings Sync: Turn On” - Choose what to sync: Settings, Extensions, Keybindings, UI State
Performance Optimization
For better performance with large projects:
{
// Performance settings
"files.watcherExclude": {
"**/.git/objects/**": true,
"**/.git/subtree-cache/**": true,
"**/node_modules/**": true,
"**/.terraform/**": true,
"**/dist/**": true,
"**/build/**": true
},
"search.exclude": {
"**/node_modules/**": true,
"**/.terraform/**": true,
"**/dist/**": true,
"**/build/**": true
},
"editor.quickSuggestions": {
"strings": true
},
"editor.suggest.localityBonus": true
}
Security Considerations for VS Code
Code Editor Security:
- Extension verification - Only install from trusted publishers
- Workspace trust - Enable workspace trust for untrusted folders
- Settings sync security - Use secure authentication for settings sync
- Remote development - Secure SSH configurations for remote development
Why secure VS Code setup:
- Malicious extensions can steal credentials and code
- Untrusted workspaces can execute harmful code
- Insecure remote connections expose local environment
- Configuration leaks can reveal sensitive settings
Security Extensions to Install:
- MSR Security Extensions - Code security analysis
- GitHub CodeQL - Vulnerability detection
- Dependency Check - Third-party library security
- Secrets Detection - Prevent credential leaks
Secure Coding Practices:
- Linting rules for security vulnerabilities
- Code analysis for common security issues
- Dependency scanning for known vulnerabilities
- Commit signing with GPG keys
7. Package Management and Updates
macOS
# Update Homebrew packages
brew update && brew upgrade
# Clean up old versions
brew cleanup
# Check for outdated packages
brew outdated
# Update macOS
sudo softwareupdate -i -a
Windows WSL
# Update Ubuntu packages
sudo apt update && sudo apt upgrade -y
# Remove unnecessary packages
sudo apt autoremove -y
# Clean package cache
sudo apt autoclean
# Update WSL kernel (if applicable)
# Check for WSL updates through Windows Store
Ubuntu LTS
# Update all packages
sudo apt update && sudo apt upgrade -y
# Update to newer LTS version (when available)
# sudo do-release-upgrade
# Clean up
sudo apt autoremove -y && sudo apt autoclean
# Check for security updates
sudo unattended-upgrades --dry-run
Security Considerations for Package Management
Package Security Best Practices:
- Verify package signatures before installation
- Use official repositories only
- Regular security audits of installed packages
- Monitor for vulnerable packages with tools like
npm audit,safety
Why secure package management:
- Supply chain attacks through compromised packages
- Malware distribution via popular libraries
- Dependency vulnerabilities affecting your applications
- License compliance issues
Automated Update Security:
- Test updates in staging before production
- Schedule updates during maintenance windows
- Monitor for breaking changes in dependencies
- Maintain update logs for compliance
Vulnerability Management:
- Regular dependency scanning with security tools
- Automated alerts for known vulnerabilities
- Dependency pinning for reproducible builds
- Security patches applied promptly
8. Additional Development Tools
Install Common Development Tools (All Platforms)
# Install Python and pip
# macOS: brew install python
# Ubuntu/WSL: sudo apt install python3 python3-pip
# Install Node.js and npm
# macOS: brew install node
# Ubuntu/WSL: curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo -E bash - && sudo apt install nodejs
# Install Docker
# macOS: brew install --cask docker
# Ubuntu/WSL: curl -fsSL https://get.docker.com | sh
# Install VS Code extensions (if using VS Code)
# Terraform: hashicorp.terraform
# AWS Toolkit: amazonwebservices.aws-toolkit-vscode
# GitLens: eamodio.gitlens
9. Environment Validation
Create a validation script to ensure everything is working:
#!/bin/bash
# validate-setup.sh
echo "🔍 Validating Development Environment Setup"
echo "==========================================="
# Check Git
echo -n "Git: "
if command -v git &> /dev/null; then
echo "✅ $(git --version)"
else
echo "❌ Not installed"
fi
# Check SSH
echo -n "SSH Key: "
if [ -f ~/.ssh/id_ed25519.pub ]; then
echo "✅ Present"
else
echo "❌ Missing"
fi
# Check Terraform
echo -n "Terraform: "
if command -v terraform &> /dev/null; then
echo "✅ $(terraform version | head -1)"
else
echo "❌ Not installed"
fi
# Check AWS CLI
echo -n "AWS CLI: "
if command -v aws &> /dev/null; then
echo "✅ $(aws --version | cut -d' ' -f1)"
else
echo "❌ Not installed"
fi
# Check Bash completion
echo -n "Bash Completion: "
if [ -f /etc/bash_completion ] || [ -f /usr/local/etc/bash_completion ]; then
echo "✅ Available"
else
echo "❌ Not configured"
fi
echo ""
echo "🎉 Setup validation complete!"
10. Backup and Recovery
Backup Your Configuration
# Create backup directory
mkdir -p ~/dev-setup-backup
# Backup SSH keys
cp -r ~/.ssh ~/dev-setup-backup/
# Backup Git config
cp ~/.gitconfig ~/dev-setup-backup/
# Backup Bash configuration
cp ~/.bashrc ~/dev-setup-backup/
cp ~/.bash_profile ~/dev-setup-backup/
# Backup AWS configuration
cp -r ~/.aws ~/dev-setup-backup/
# Backup Terraform configuration
cp -r ~/.terraform.d ~/dev-setup-backup/
Quick Restore Script
#!/bin/bash
# restore-setup.sh
echo "🔄 Restoring Development Environment"
# Restore SSH keys
cp -r ~/dev-setup-backup/.ssh ~/
# Restore configurations
cp ~/dev-setup-backup/.gitconfig ~/
cp ~/dev-setup-backup/.bashrc ~/
cp ~/dev-setup-backup/.bash_profile ~/
# Restore AWS config
cp -r ~/dev-setup-backup/.aws ~/
# Restore Terraform config
cp -r ~/dev-setup-backup/.terraform.d ~/
echo "✅ Restore complete! Please restart your shell."
11. Troubleshooting Common Issues
Git SSH Issues
# Test SSH connection
ssh -T git@github.com
# Check SSH agent
ssh-add -l
# Re-add key if needed
ssh-add ~/.ssh/id_ed25519
AWS CLI Configuration Issues
# Check current configuration
aws configure list
# Test AWS connection
aws sts get-caller-identity
# Clear cache if needed
rm -rf ~/.aws/cli/cache/
Terraform Issues
# Clear Terraform cache
rm -rf .terraform/
# Reinitialize
terraform init
# Check version
terraform version
Security Summary and Best Practices
Your Security Posture
By following this guide, you’ve implemented a security-first development environment with:
🔐 Authentication & Access Control:
- SSH key-based authentication (no passwords)
- AWS IAM with least privilege
- Git commit signing with GPG
- Multi-factor authentication enabled
🛡️ Defense in Depth:
- System hardening through updates
- Network security with firewalls
- Secure coding practices in VS Code
- Encrypted backups and configurations
👁️ Monitoring & Auditing:
- Regular security updates
- Package vulnerability scanning
- AWS access logging
- Git history integrity
Ongoing Security Maintenance
Daily Security Tasks:
- Review AWS access logs for suspicious activity
- Check for security updates:
brew update && brew upgrade - Verify SSH keys haven’t been compromised
- Audit installed packages for vulnerabilities
Weekly Security Tasks:
- Rotate AWS access keys and tokens
- Review Git repository access permissions
- Update VS Code extensions
- Check for exposed credentials in code
Monthly Security Tasks:
- Full system security audit
- Review and update IAM policies
- Backup encryption key rotation
- Security training and awareness
Advanced Security Tools to Consider
Secret Management:
# Install AWS Secrets Manager CLI
pip install aws-secretsmanager-caching
# Or use HashiCorp Vault
brew install vault
Security Scanning:
# Install security scanning tools
brew install trivy # Container vulnerability scanner
brew install checkov # Infrastructure as Code security
pip install safety # Python dependency security
Network Security:
# Install network security tools
brew install nmap # Network scanning
brew install wireshark # Packet analysis
brew install openvpn # VPN client
Security Incident Response
If you suspect a breach:
- Immediately rotate all credentials and keys
- Audit recent activity in AWS CloudTrail
- Check Git history for unauthorized commits
- Scan for malware with security tools
- Notify relevant teams and stakeholders
Prevention is better than cure - regular security maintenance prevents most incidents.
Final Security Recommendations
- Zero Trust: Never trust, always verify
- Least Privilege: Grant minimal required access
- Defense in Depth: Multiple security layers
- Regular Audits: Continuous security monitoring
- Stay Informed: Follow security news and updates
Remember: Security is not a one-time setup but an ongoing process. Your development environment security directly impacts your production systems’ security.
Conclusion
You’ve now set up a complete development environment optimized for DevOps and cloud development work. Your machine is configured with:
- ✅ Git with SSH authentication
- ✅ Bash with aliases and completion
- ✅ Terraform for infrastructure as code
- ✅ AWS CLI for cloud management
- ✅ Automated package management
Remember to regularly update your tools and backup your configurations. This setup will serve as an excellent foundation for your development work across DevOps, cloud engineering, and infrastructure automation projects.
Happy coding! 🚀
Written on October 9, 2025