GuyBarros

export VAULT_ADDR=http://127.0.0.1:8200
export VAULT_TOKEN=
export VAULT_NAMESPACE=
export KMIP_PATH=kmip


# Iterate over the KMIP Secret Engine to get all Scopes
KMIP_SCOPES=$(curl -H "X-Vault-Token: ${VAULT_TOKEN}" -H "X-Vault-Request: true" "${VAULT_ADDR}/v1/${KMIP_PATH}/scope?list=true" | jq -r '.data.keys[]' )
# KMIP_SCOPES=$(curl -H "X-Vault-Token: ${VAULT_TOKEN}" -H "X-Vault-Request: true" -H "X-Vault-Namespace: ${VAULT_NAMESPACE}" "${VAULT_ADDR}/v1/${KMIP_PATH}/scope?list=true" | jq -r '.data.keys[]' )

GuyBarros

#!/usr/bin/env bash
set -euo pipefail

# --- Config (override via env or CLI) -----------------------------------------
VAULT_ADDR="${VAULT_ADDR:-http://127.0.0.1:8200}"
VAULT_TOKEN="${VAULT_TOKEN:-root}"
VAULT_NAMESPACE="${VAULT_NAMESPACE:-}"         # e.g., "admin" or "" for root
TRANSIT_PATH="${TRANSIT_PATH:-transit}"        # mount path of transit (e.g., "transit")
KEY_NAME="${KEY_NAME:-dek-demo}"               # transit key name (must exist)
MESSAGE="${MESSAGE:-hello-envelope}"           # message to encrypt

GuyBarros

#!/usr/bin/env bash
set -euo pipefail

# ================== Config (env overrides allowed) ============================
VAULT_ADDR="${VAULT_ADDR:-http://127.0.0.1:8200}"
VAULT_TOKEN="${VAULT_TOKEN:?set VAULT_TOKEN}"
VAULT_NAMESPACE="${VAULT_NAMESPACE:-}"            # leave empty if not using namespaces

TRANSIT_MOUNT="${TRANSIT_MOUNT:-transit}"         # transit mount
HOTP_KEY_NAME="${HOTP_KEY_NAME:-hotp-demo}"       # transit HMAC key name

GuyBarros

#! /bin/bash
################################
# Requirements: curl, jq
################################

## avoid the last trailling forward slash /

usage="$(basename "$0") [-a consul_http_address] [-t acl_token] [-e IS_ENTERPRISE] [-l LIST_INSTACES]
where 
    -a Consul HTTP(s) Address.

GuyBarros

#!/bin/bash
#
# Usage: Pass in a Terraform State file through a pipe
# e.g.
# cat terraform.tfstate | count.sh


# For each resource in the TF State file...
# we only count managed resources (i.e. not data sources)
# we explicitly ignore null resources (terraform_data and null_resource)

GuyBarros

#!/bin/bash

minutes=30 # Note that this script may take up to 30m to run, or longer if `minutes=30` was changed.

# The count_secrets.sh script is intended to be used to query the sys/metrics endpoint of a Vault cluster and extract the
# sum of all KV secrets counts across all namespaces.  This relies on the
# https://developer.hashicorp.com/vault/docs/configuration/telemetry#usage_gauge_period configuration not being disabled,
# and on
# https://developer.hashicorp.com/vault/docs/configuration/telemetry#prometheus_retention_time not being set to 0.
#

GuyBarros

export VAULT_ADDR=https://localhost:8200
export VAULT_TOKEN=root

# Root CA
vault secrets enable -path=pki_root pki
# tune to 10 years
vault secrets tune -max-lease-ttl=87600h pki_root

# Generate internal certificate
vault write -field=certificate pki_root/root/generate/internal \

GuyBarros

resource "vault_mount" "ca_root" {
path = "ca_root"
type = "pki"
max_lease_ttl_seconds = 315360000 # 10 years
}

  

resource "vault_pki_secret_backend_root_cert" "ca_root" {
backend = vault_mount.ca_root.path

GuyBarros

multipass launch -m2G -c2 -d5G -n "k8scp" lts --network "en0" 

K8SCP

wget https://cm.lf.training/LFS258/LFS258_V2023-09-14_SOLUTIONS.tar.xz --user=LFtraining --password=Penguin2014

tar -xvf LFS258_V2023-09-14_SOLUTIONS.tar.xz

GuyBarros

#!/usr/bin/env zsh

###########
# Root CA #
###########

vault secrets enable pki

vault secrets tune -max-lease-ttl=87600h pki