multipass launch -m2G -c2 -d5G -n "k8scp" lts --network "en0" wget https://cm.lf.training/LFS258/LFS258_V2023-09-14_SOLUTIONS.tar.xz --user=LFtraining --password=Penguin2014
tar -xvf LFS258_V2023-09-14_SOLUTIONS.tar.xz
Guy Barros GuyBarros
GuyBarros
/ get_secret_count.sh
Created
January 15, 2025 13:23
script to get secret count from telemetry
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| minutes=30 # Note that this script may take up to 30m to run, or longer if `minutes=30` was changed. | |
| # The count_secrets.sh script is intended to be used to query the sys/metrics endpoint of a Vault cluster and extract the | |
| # sum of all KV secrets counts across all namespaces. This relies on the | |
| # https://developer.hashicorp.com/vault/docs/configuration/telemetry#usage_gauge_period configuration not being disabled, | |
| # and on | |
| # https://developer.hashicorp.com/vault/docs/configuration/telemetry#prometheus_retention_time not being set to 0. | |
| # |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| export VAULT_ADDR=https://localhost:8200 | |
| export VAULT_TOKEN=root | |
| CHILD_CA=admin/kms | |
| # Root CA | |
| vault secrets enable -path=pki_root pki | |
| # tune to 10 years | |
| vault secrets tune -max-lease-ttl=87600h pki_root | |
| # Generate internal certificate |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "vault_mount" "ca_root" { | |
| path = "ca_root" | |
| type = "pki" | |
| max_lease_ttl_seconds = 315360000 # 10 years | |
| } | |
| resource "vault_pki_secret_backend_root_cert" "ca_root" { | |
| backend = vault_mount.ca_root.path |
GuyBarros
/ vault-non-disruptive-pki-rotation_sh
Created
December 16, 2022 15:25
vault 1.11+ non disruptive pki rotation example script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env zsh | |
| ########### | |
| # Root CA # | |
| ########### | |
| vault secrets enable pki | |
| vault secrets tune -max-lease-ttl=87600h pki |
GuyBarros
/ vault_ldap.tf
Created
September 26, 2022 14:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "vault_mount" "ldap" { | |
| path = "ldap" | |
| type = "openldap" | |
| description = "LDAP Secret Engine" | |
| } | |
| resource "vault_generic_endpoint" "openldapconfig" { | |
| depends_on = [vault_mount.ldap] | |
| path = "${vault_mount.ldap.path}/config" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Executing the command below will bring a list of entities , their auth method and their id: | |
| Export VAULT_ADDR=https://<Vault_address>:8200 | |
| export VAULT_TOKEN=<Vault_token> | |
| export VAULT_NAMESPACE=<Vault_namespace> |
GuyBarros
/ MY_TLS_LOGIN_SETUP
Created
April 29, 2021 10:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################ start ################################################# | |
| ############################### | |
| export VAULT_ADDR=https://vault.hashidemos.io:8200 | |
| export VAULT_TOKEN=s.evX | |
| # Set up the PKI Secret Engine | |
| ############################### | |
| ## Root CA Mount |
GuyBarros
/ jenkins_create_approle_secret
Created
February 9, 2021 12:41
script to create approle credential
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import hudson.util.Secret | |
| import com.datapipe.jenkins.vault.credentials.* | |
| import com.cloudbees.plugins.credentials.impl.* | |
| import com.cloudbees.plugins.credentials.* | |
| import com.cloudbees.plugins.credentials.domains.* | |
| | |
| | |
| VaultAppRoleCredential customCredential = new VaultAppRoleCredential( | |
| CredentialsScope.GLOBAL, | |
| 'custom-credential', |
GuyBarros
/ hashicorp-vault-helm-values.yaml
Created
November 2, 2020 17:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global: | |
| # enabled is the master enabled switch. Setting this to true or false | |
| # will enable or disable all the components within this chart by default. | |
| enabled: true | |
| # TLS for end-to-end encrypted transport | |
| tlsDisable: true | |
| # If deploying to OpenShift | |
| psp: | |
| enable: false |
NewerOlder