#Heading 1
##Heading 2
###Heading 3
####Heading 4
#####Heading 5
# Enable the OpenLDAP secrets engine and mount it at the "ldap" path.
resource "vault_mount" "ldap" {
  type        = "openldap"
  path        = "ldap"
  description = "LDAP Secret Engine"
}
| resource "vault_generic_endpoint" "openldapconfig" { | |
| depends_on = [vault_mount.ldap] | |
| path = "${vault_mount.ldap.path}/config" | 
| Executing the command below returns a list of entities, their auth methods and their IDs: | |
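# Environment for the Vault CLI. Replace each <...> placeholder with a real value
# before running; the values are quoted so an unedited placeholder stays literal
# text instead of being parsed as a shell redirection.
export VAULT_ADDR="https://<Vault_address>:8200"
# VAULT_TOKEN is a credential: a value typed on the command line can be saved in
# shell history.
export VAULT_TOKEN="<Vault_token>"
export VAULT_NAMESPACE="<Vault_namespace>"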
# ================================ start ================================
# Vault CLI connection settings used by the steps that follow.
# NOTE(review): the token is written into the script itself, so anyone who can
# read this file can read the token; supplying VAULT_TOKEN from the caller's
# environment keeps it out of the file.
export VAULT_TOKEN=s.evX \
       VAULT_ADDR=https://vault.hashidemos.io:8200
| # Set up the PKI Secret Engine | |
| ############################### | |
| ## Root CA Mount | 
| import hudson.util.Secret | |
| import com.datapipe.jenkins.vault.credentials.* | |
| import com.cloudbees.plugins.credentials.impl.* | |
| import com.cloudbees.plugins.credentials.* | |
| import com.cloudbees.plugins.credentials.domains.* | |
|  | |
|  | |
| VaultAppRoleCredential customCredential = new VaultAppRoleCredential( | |
| CredentialsScope.GLOBAL, | |
| 'custom-credential', | 
| global: | |
| # enabled is the master enabled switch. Setting this to true or false | |
| # will enable or disable all the components within this chart by default. | |
| enabled: true | |
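| # TLS for end-to-end encrypted transport. Note that tlsDisable: true switches TLS off, so traffic is sent unencrypted; use false wherever transport encryption is required. | |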
| tlsDisable: true | |
| # If deploying to OpenShift | |
| psp: | |
| enable: false | 
# Hostname of the Vault server; the default below applies when no value is supplied.
variable "vault_host" {
  default     = "vault.ric-lnd-stack.ric.aws.hashidemos.io"
  description = "Vault hostname"
}
| terraform { | |
| backend "remote" { | |
| organization = "hc-emea-sentinel-demo" | |
| workspaces { | |
| name = "vault-integration" | |
| } | 
#Heading 1
##Heading 2
###Heading 3
####Heading 4
#####Heading 5
| Steps to make a Control Group Notifier | |
| 1) List all tokens (by accessor) | |
| curl -X LIST \ | |
| http://eu-guystack-vault-561637873.eu-west-2.elb.amazonaws.com:8200/v1/auth/token/accessors \ | |
| -H 'Accept: */*' \ | |
| -H 'Accept-Encoding: gzip, deflate' \ | |
| -H 'Cache-Control: no-cache' \ | |
| -H 'Connection: keep-alive' \ | 
| - | |
| hosts: localhost | |
| gather_facts: false | |
| vars: | |
| secret_token: '${option.vault_token}' | |
| role_id: '${option.approle_id}' | |
| tasks: | |
| - | |
| name: 'Get secret id from role_id' | |
| uri: {url: 'http://active.vault.service.consul:8200/v1/auth/approle/role/my-role/secret-id', method: POST, headers: {X-Vault-Token: '{{ secret_token }}'}, body_format: json, status_code: 200} | 
| { | |
| "variables": { | |
| "version": "", | |
| "memory" : "8196", | |
| "cpucorecount": "4" | |
| }, | |
| "provisioners": [ | |
| { | |
| "type": "file", | |
| "source": "bootcamp.rli", |