adam buxton abuxton

Example Jenkins integration for Vault

This snippet provides an example Jenkinsfile that performs an AppRole authentication using curl utility. The objective is to allow Jenkins to Authenticate to Vault, then use a temporary token to retrieve a secret. It does not rely on a plugin and therefore offers more flexibility.

AppRole authentication relies on a ROLE_ID and SECRET_ID to login and retrieve a Vault token. There are two ways to provide the SECRET_ID to Jenkins. Both of these are expanded upon below.

Pre-created SECRET_ID as a Jenkins secret. An out-of-band workflow will need to refresh the SECRET_ID periodically so Jenkins continues to perform AppRole logins successfully.
Alternative AppRole design: Give Jenkins the ability to refresh the SECRET_ID by itself.

1. Pre-created Secret ID

Take a consul snapshot:

consul snapshot save backup.snap

Verify consul snapshot:

consul snapshot inspect backup.snap

Stop Consul

systemctl stop consul.service

Stop Vault

How I passed the CISSP

Studying

The CISSP is a "mile wide and an inch deep." Don't learn everything. Focus on concepts. Only exception to this rule is Crypto and Physical security. Memorize that stuff.
The easeiest way to understand the test is to follow the domain structure and use it as a mental scaffolding with which you hang knolwedge.
I used a version of this book: https://www.amazon.com/Official-ISC-Guide-CISSP-Press/dp/1482262754
Reading the book is super dull and you will hate yourself if you try and read cover to cover. In fact just about every review says the same thing. The point they miss is that this book has EVERYTHING YOU NEED. That's why you should not read it all.
Take out some paper, open the book and go through each domain creating an outline of the domain > paragraph headings > 3-5 spaces for bullet points.
Leave the spaces for later. You can fill it in after your first practice exam.
After I completed outlining the book, I took a full 150 question practice e

Journalctl Cheat Sheet

Configuration

Permissions

To see messages from other users and the system as well as performing various log operations from a regular user add it to the group:

sudo usermod -aG systemd-journal $USER

GPG User Guide

Author: John A. Fedoruk <[email protected]>
Key ID: 8937446102D51067EB90DB6AB229A6E87086AD48
Date: 2019-07-03

Overview

CI/CD Build Tools and Testing

Build Manager

Goal - centralized UI, and scheduler, for managing automated builds

Terraform Enterprise - HashiCorp
Jenkins - Cloudbees
TravisCI
CircleCI
Bamboo - Atlassian

	go mod edit -module {NEW_MODULE_NAME}
	-- rename all imported module
	find . -type f -name '*.go' \
	-exec sed -i -e 's,{OLD_MODULE},{NEW_MODULE},g' {} \;

	architecture=""
	case $(uname -m) in
	i386) architecture="386" ;;
	i686) architecture="386" ;;
	x86_64) architecture="amd64" ;;
	arm) dpkg --print-architecture \| grep -q "arm64" && architecture="arm64" \|\| architecture="arm" ;;
	esac

	-------------------------------------------------------
	uname -m

	```zshrc
	#▄███████▄ ▄████████ ▄█ █▄ ▄████████ ▄████████
	#██▀ ▄██ ███ ███ ███ ███ ███ ███ ███ ███
	# ▄███▀ ███ █▀ ███ ███ ███ ███ ███ █▀
	#▀█▀▄███▀▄▄ ███ ▄███▄▄▄▄███▄▄ ▄███▄▄▄▄██▀ ███
	# ▄███▀ ▀ ▀███████████ ▀▀███▀▀▀▀███▀ ▀▀███▀▀▀▀▀ ███
	#▄███▀ ███ ███ ███ ▀███████████ ███ █▄
	#███▄ ▄█ ▄█ ███ ███ ███ ███ ███ ███ ███
	#▀████████▀ ▄████████▀ ███ █▀ ███ ███ ████████▀
	# ███ ███

	#!/bin/bash

	# start vault
	VAULT_UI=true vault server -dev -dev-root-token-id=root -dev-listen-address=127.0.0.1:8200

	# login as root - DO NOT DO THIS IN PRODUCTION
	vault login root

	# write some secrets
	vault kv put secret/test color=blue number=eleventeen