adam buxton abuxton

💭
discombobulated as always
@abuxton
abuxton / cloudSettings
Last active July 9, 2021 11:32
cloudSettings
{"lastUpload":"2021-07-09T11:32:49.728Z","extensionVersion":"v3.4.3"}
@abuxton
abuxton / keybase.md
Last active September 7, 2020 07:55

Keybase proof

I hereby claim:

  • I am abuxton on github.
  • I am abuxton (https://keybase.io/abuxton) on keybase.
  • I have a public key ASAFYuAD6GPJP0XJGZRrVdXjfKyr_JZlOL17gGe1Ze620Qo

To claim this, I am signing this object:

@abuxton
abuxton / bootstrap-consul-acls.sh
Created October 6, 2020 13:33
bootstrap consul acls
#!/bin/bash
echo '
node_prefix "" {
policy = "write"
}
service_prefix "" {
policy = "read"
}
agent_prefix "" {
policy = "write"
@abuxton
abuxton / consul_tls_certs.sh
Created October 6, 2020 13:55
consul generate tls certs example script
#!/bin/bash
AWS_REGION="eu-west-2"
consul tls ca create
consul tls cert create -server -dc=$AWS_REGION
consul tls cert create -client -dc=$AWS_REGION
mv consul-agent-ca.pem consul_ca.pem
mv consul-agent-ca-key.pem consul_ca_key.pem
mv $AWS_REGION-server-consul-0.pem consul_server_crt.pem
mv $AWS_REGION-server-consul-0-key.pem consul_server_key.pem
cat $AWS_REGION-client-consul-0.pem consul_ca.pem > vault_crt.pem
@abuxton
abuxton / boostrap_consul_tokens.sh
Created October 6, 2020 15:30
consul bootstrap acl tokens example
cat << EOF > /tmp/bootstrap_tokens.sh
#!/bin/bash
export CONSUL_HTTP_TOKEN=${master_token}
export CONSUL_HTTP_ADDR=http://127.0.0.1:7500
echo "Creating Consul ACL policies......"
if ! consul kv get acl_bootstrap 2>/dev/null; then
consul kv put acl_bootstrap 1
echo '
node_prefix "" {
policy = "write"

notes taken from hashicorp/vault#7471

My vault config:

{
  "ui": true,
  "pid_file": "/run/vault/vault.pid",
  "storage": {
    "consul": {
@abuxton
abuxton / approle.sh
Created October 13, 2020 12:23 — forked from greenbrian/approle.sh
Vault CLI testing AppRole
#!/bin/bash
# start vault
VAULT_UI=true vault server -dev -dev-root-token-id=root -dev-listen-address=127.0.0.1:8200
# login as root - DO NOT DO THIS IN PRODUCTION
vault login root
# write some secrets
vault kv put secret/test color=blue number=eleventeen
@abuxton
abuxton / jenkins-pipeline.txt
Last active October 30, 2020 18:46
jenkins minimal curl Gist
pipeline {
agent any
stages {
stage('Integration Tests') {
steps {
script {
def ROLE_ID = "REPLACE_WITH_ID"
def SECRET_ID = "REPLACE_WITH_ID"
/* sh '''
@abuxton
abuxton / vault-jenkins-approle.md
Created November 2, 2020 11:19 — forked from kawsark/vault-jenkins-approle.md
Example Jenkins integration for Vault using AppRole and curl

Example Jenkins integration for Vault

This snippet provides an example Jenkinsfile that performs an AppRole authentication using the curl utility. The objective is to allow Jenkins to authenticate to Vault, then use a temporary token to retrieve a secret. It does not rely on a plugin and therefore offers more flexibility.

AppRole authentication relies on a ROLE_ID and SECRET_ID to log in and retrieve a Vault token. There are two ways to provide the SECRET_ID to Jenkins. Both of these are expanded upon below.

  1. Pre-created SECRET_ID as a Jenkins secret. An out-of-band workflow will need to refresh the SECRET_ID periodically so Jenkins continues to perform AppRole logins successfully.
  2. Alternative AppRole design: Give Jenkins the ability to refresh the SECRET_ID by itself.

1. Pre-created Secret ID

@abuxton
abuxton / rsync.md
Last active November 6, 2020 19:16 — forked from bengarrett/rsync.md
Rsync - Helpers and common usage.

Rsync

Common arguments

-v verbose

-h humanise the output by implementing binary multipliers instead of byte values etc.

-P display progress and allow resumption of interrupted transfers

-n do a dry run for testing