Ranjit Viswakumar WhatsARanjit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| variable "switch" { | |
| default = true | |
| } | |
| locals { | |
| prov_cmd = var.switch ? "echo 'YES'" : "echo 'NO'" | |
| } | |
| resource "null_resource" "test" { | |
| provisioner "local-exec" { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ vault kv put secret/stuff fruit=apple color=red | |
| == Secret Path == | |
| secret/data/stuff | |
| ======= Metadata ======= | |
| Key Value | |
| --- ----- | |
| created_time 2023-10-04T19:20:52.20066Z | |
| custom_metadata <nil> | |
| deletion_time n/a |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if [ -f "dontdoit" ]; then | |
| RESULT="true" | |
| else | |
| RESULT="false" | |
| fi | |
| echo "{ \"check\": \"$RESULT\" }" |
WhatsARanjit
/ shell.sh
Created
August 22, 2022 18:14
Vault EGP Sentinel for no wildcard AWS IAM permissions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Setup AWS secrets | |
| vault secrets enable aws | |
| vault write aws/config/root \ | |
| access_key=$AWS_ACCESS_KEY_ID \ | |
| secret_key=$AWS_SECRET_ACCESS_KEY \ | |
| region=us-east-1 | |
| # Write the Actions policy | |
| # https://github.com/hashicorp/vault-guides/blob/master/governance/sentinel/inline-iam-actions.sentinel | |
| POLICY=$(base64 inline_iam_actions.sentinel) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| export ORG="current_name" | |
| export NEW="new_name" | |
| curl -sk \ | |
| -X PATCH \ | |
| -H "Authorization: Bearer $TFH_token" \ | |
| -H "Content-Type: application/vnd.api+json" \ | |
| -d "{ \"data\": { \"type\": \"organizations\", \"attributes\": { \"name\": \"$NEW\" } } }" \ | |
| "https://app.terraform.io/api/v2/organizations/${ORG}" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ terraform apply -auto-approve | |
| Apply complete! Resources: 0 added, 0 changed, 0 destroyed. | |
| Outputs: | |
| api = [ | |
| "75.2.98.97/32", | |
| "99.83.150.238/32", | |
| ] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ sentinel test -verbose csr_common_name.sentinel | |
| Installing test modules for test/csr_common_name/fail.json | |
| Installing test modules for test/csr_common_name/success.json | |
| PASS - csr_common_name.sentinel | |
| PASS - test/csr_common_name/fail.json | |
| logs: | |
| common_name: fail.acme-app-fail.com |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| vault { | |
| address = "http://vault:8200" | |
| } | |
| auto_auth { | |
| method { | |
| type = "azure" | |
| config = { | |
| resource = "lob_app" | |
| role = "ssh_prod" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Setup namespaces | |
| $ export VAULT_ADDR=http://127.0.0.1:8200 | |
| $ vault namespace create foo | |
| Key Value | |
| --- ----- | |
| id zI8gb | |
| path foo/ | |
| $ vault namespace create bar | |
| Key Value | |
| --- ----- |
WhatsARanjit
/ pipeline_entities.sh
Last active
January 19, 2021 18:38
Using a "pipeline" entity to create all tokens for pipelines
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Enable audit log | |
| $ vault audit enable file file_path=/tmp/audit/vault_audit.log | |
| Success! Enabled the file audit device at: file/ | |
| # Add some example secrets for prod and dev | |
| $ vault secrets enable -version=2 kv | |
| $ vault kv put kv/production/stuff foo=bar | |
| $ vault kv put kv/development/stuff devfoo=devbar | |
| Success! Enabled the kv secrets engine at: kv/ | |
| Key Value |
NewerOlder