@avoidik
avoidik / cert_test_pyca.py
Created February 12, 2019 09:15 — forked from rashley-iqt/cert_test_pyca.py
x509Adapter example with pyca/cryptography
import requests
from cryptography.hazmat.primitives.serialization.pkcs12 import load_key_and_certificates
from cryptography.hazmat.primitives.serialization import Encoding, PrivateFormat, NoEncryption
from cryptography.hazmat.backends import default_backend
from requests_toolbelt.adapters.x509 import X509Adapter
backend = default_backend()
with open('test_cert.p12', 'rb') as pkcs12_file:
    pkcs12_data = pkcs12_file.read()
@avoidik
avoidik / cert_test_openssl.py
Created February 12, 2019 09:15 — forked from rashley-iqt/cert_test_openssl.py
x509Adapter example using OpenSSL
import requests
from OpenSSL.crypto import load_pkcs12
from cryptography.hazmat.primitives.serialization import load_pem_private_key, load_der_private_key
from cryptography.hazmat.primitives.serialization import Encoding, PrivateFormat, NoEncryption
from requests_toolbelt.adapters.x509 import X509Adapter
with open('test_cert.p12', 'rb') as pkcs12_file:
    pkcs12_data = pkcs12_file.read()
@avoidik
avoidik / sslscan.py
Created November 29, 2018 08:46 — forked from brandond/sslscan.py
Stupid simple Python SSL certificate chain scanner
#!/usr/bin/env python
from __future__ import print_function
import sys
import socket
import requests
import datetime
from OpenSSL import SSL, crypto
@avoidik
avoidik / Makefile
Created October 18, 2018 08:48 — forked from ryu1kn/Makefile
Encrypt/decrypt with AWS KMS using AWS cli
# How to encrypt/decrypt your text/blob secret with AWS KMS with AWS cli
KEY_ID=alias/my-key
SECRET_BLOB_PATH=fileb://my-secret-blob
SECRET_TEXT="my secret text"
ENCRYPTED_SECRET_AS_BLOB=encrypted_secret_blob
DECRYPTED_SECRET_AS_BLOB=decrypted_secret_blob # Result of decrypt-blob target
encrypt-text:
@avoidik
avoidik / dec.py
Created October 18, 2018 08:48 — forked from nmarley/dec.py
AWS KMS encryption/decryption using Python/Boto3
import boto3
import base64
if __name__ == '__main__':
    session = boto3.session.Session()
    kms = session.client('kms')
    encrypted_password = 'AQECAHjgTiiE7TYRGp5Irf8jQ3HzlaQaHGYgsUJDaavnHcFm0gAAAGswaQYJKoZIhvcNAQcGoFwwWgIBADBVBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDDwxVQuG0oVwpkU7nQIBEIAoVGk1/wpserb+GVUOzE7PiL/Nr9fTDFKZfpKpF0ip2ct4B2q0Wn6ZZw=='
    binary_data = base64.b64decode(encrypted_password)
@avoidik
avoidik / README.markdown
Created September 25, 2018 08:05 — forked from pat/LICENSE.txt
Running Setup SQL scripts on an RDS instance within a VPC, via Terraform

This Terraform configuration allows running a set of SQL commands on a new AWS RDS database instance that's operating within an AWS VPC.

The commands are executed via AWS Lambda functions - the first (rds_creation) operates outside the VPC and connects to the AWS API to determine credential information for the new database (endpoint, port, username, database). It then sends these details via SNS to another function operating within the VPC (rds_setup), which connects to the PostgreSQL database and executes the SQL commands.

The initial notification comes via SNS from the RDS events (and there is the configuration within the Terraform file here to set up that subscription).

Please note:

  • There are variables defined at the top of the Terraform file - everything else should be pretty self-contained (though you should definitely read through all of the code to ensure you understand it before using it).
  • The internal Lambda function is expecting a PostgreSQL database. This will need changing if you're
@avoidik
avoidik / awslambda.bootstrap.py
Created September 14, 2018 06:37 — forked from lucasrcosta/awslambda.bootstrap.py
AWS Lambda Python Runtime
# -*- coding: utf-8 -*-
# /var/runtime/awslambda/bootstrap.py
"""
aws_lambda.bootstrap.py
Amazon Lambda
Copyright (c) 2013 Amazon. All rights reserved.
Lambda runtime implementation
"""
@avoidik
avoidik / copy-ssm-parameters
Created September 12, 2018 19:00 — forked from mvanholsteijn/copy-ssm-parameters
script to copy all SSM parameter store parameters to disk
#!/usr/bin/env python
#
# copy all SSM parameter store parameters to disk
#
import os, sys, argparse, boto3
parser = argparse.ArgumentParser(description='copy all parameter values to local')
parser.add_argument("--path", dest="path", required=True,
                    help="to copy the keys from", metavar="STRING")
parser.add_argument("--directory", dest="directory", required=True,
@avoidik
avoidik / ssm_parameter_store.py
Created September 12, 2018 18:59 — forked from nqbao/ssm_parameter_store.py
Python class to provide a dictionary-like interface to access AWS SSM Parameter Store easily
# Copyright (c) 2018 Bao Nguyen <b@nqbao.com>
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
#!/usr/bin/env python
import os
from botocore.credentials import CredentialProvider, RefreshableCredentials
import requests
from datetime import datetime, timedelta
class VaultCredentialProvider(CredentialProvider):
    METHOD = 'vault'
    CANONICAL_NAME = 'VaultRole'