
ワサビ (Wasabi) 111a5ab1

@111a5ab1
111a5ab1 / gnome-keyring-daemon.adoc
Created March 11, 2022 12:13
gnome-keyring-daemon SSH issue with resident keys on a YubiKey

sign_and_send_pubkey: signing failed for ED25519-SK

TL;DR

When attempting to SSH with an ed25519-sk resident key, if you get the following error:

sign_and_send_pubkey: signing failed for ED25519-SK "" from agent: agent refused operation
@111a5ab1
111a5ab1 / gist:4aea3d89a4bbe22989c853044da4b2b2
Created May 31, 2023 03:01
Terraform Vault provider via UDS
$ terraform plan
2023-05-31T12:57:28.618+1000 [INFO] Terraform version: 1.3.7
2023-05-31T12:57:28.618+1000 [DEBUG] using github.com/hashicorp/go-tfe v1.9.0
2023-05-31T12:57:28.618+1000 [DEBUG] using github.com/hashicorp/hcl/v2 v2.15.0
2023-05-31T12:57:28.618+1000 [DEBUG] using github.com/hashicorp/terraform-config-inspect v0.0.0-20210209133302-4fd17a0faac2
2023-05-31T12:57:28.618+1000 [DEBUG] using github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734
2023-05-31T12:57:28.618+1000 [DEBUG] using github.com/zclconf/go-cty v1.12.1
2023-05-31T12:57:28.618+1000 [INFO] Go runtime version: go1.19.4
2023-05-31T12:57:28.618+1000 [INFO] CLI args: []string{"terraform", "plan"}
2023-05-31T12:57:28.618+1000 [DEBUG] Attempting to open CLI config file: /home/parallels/.terraformrc
$ TF_LOG=trace tofu apply
2024-05-11T23:52:39.482+1000 [INFO]  OpenTofu version: 1.7.1
2024-05-11T23:52:39.483+1000 [DEBUG] using github.com/hashicorp/go-tfe v1.36.0
2024-05-11T23:52:39.483+1000 [DEBUG] using github.com/opentofu/hcl/v2 v2.0.0-20240416130056-03228b26f391
2024-05-11T23:52:39.483+1000 [DEBUG] using github.com/hashicorp/terraform-svchost v0.1.1
2024-05-11T23:52:39.483+1000 [DEBUG] using github.com/zclconf/go-cty v1.14.4
2024-05-11T23:52:39.483+1000 [INFO]  Go runtime version: go1.21.3
2024-05-11T23:52:39.483+1000 [INFO]  CLI args: []string{"tofu", "apply"}

!! INSECURE - DO NOT USE THIS IN PRODUCTION !!

An EXTREMELY INSECURE example to demonstrate using the cert-based Auto-Auth method with Vault Agent where client authentication (mTLS) is required to communicate with the Vault server (tls_require_and_verify_client_cert = true).

A work-around is needed because the client_cert and client_key files in the vault stanza are not reloaded from disk when a SIGHUP is sent to Vault Agent. The Vault Agent must be killed and restarted in order to load the new client certificate.

Cert

  1. Create temporary directory