dustinmm80

# First, let's define some secrets we want to pass to Chef

cat << SECRETS > /etc/chef.secrets
DB_PASSWORD: !var db/postgres/customers/password # exports value as env var
SSL_CERT:    !tmp certs/ssl/mydomain             # creates temporary file and exports path as env var
SECRETS

# In our recipe we can use ENV['DB_PASSWORD'] and ENV['SSL_CERT'] where secrets are needed

# We have the Conjur CLI on the machine, so we can use conjur env

dustinmm80

policy "demo-factory-1-0" do
  variables = [ 
    variable("aws/access_key_id"), 
    variable("aws/secret_access_key"),
    variable("sentry/projects/demo-factory/dsn"),
    variable("hipchat/api-token"),
    variable("trials/hubspot/api-key"),
    variable("mandrill/api-key"),
    variable("keen.io/demo-factory/project-id"),
    variable("keen.io/demo-factory/write-key")

dustinmm80

# Applying a Conjur identity to a Heroku app via config vars

# Name of your conjur organization
heroku config:set CONJUR_ACCOUNT=myorg
# Endpoint of your Conjur server
heroku config:set CONJUR_APPLIANCE_URL=https://conjur-master.myorg.com/api
# Name of the host you created to represent the Heroku app
heroku config:set CONJUR_AUTHN_LOGIN=host/production/heroku/demo-factory-conjur
# API key of the host you created 
heroku config:set CONJUR_AUTHN_API_KEY=sb0ncv1yj9c4w2e9pb1a2s8eh18dgf1gfz3nb31ft33s7nnz1cjw1r7

dustinmm80

AWS_ACCESS_KEY_ID:     !var aws/access_key_id
AWS_SECRET_ACCESS_KEY: !var aws/secret_access_key
SENTRY_DSN:            !var sentry/projects/demo-factory/dsn
HIPCHAT_TOKEN:         !var hipchat/api-token
HUBSPOT_API_KEY:       !var trials/hubspot/api-key
MANDRILL_API_KEY:      !var mandrill/api-key
KEEN_PROJECT_ID:       !var keen.io/demo-factory/project-id
KEEN_WRITE_KEY:        !var keen.io/demo-factory/write-key

dustinmm80

# I have a policy named demo-factory-1-0 defined in policy.rb

# Let's create a development policy
conjur policy load --as-group v4/ops --collection development policy.rb
# The collection flag means our policy is named development/demo-factory-1-0
# Any variables, groups, etc created will have the prefix development/demo-factory-1-0
# Ex: I defined variable aws/access_key_id in policy.rb so it's name will be development/demo-factory-1-0/aws/access_key_id
# I can then go and add a value to that variable

# Now we can use the policy flag to conjur env to specify a prefix for the variables when retrieving them

dustinmm80

require 'net/http'
require 'net/https'
require 'uri'

class Conjur::Command::Jenkins < Conjur::Command
  desc 'Interact with Jenkins using Conjur credentials'
  command :jenkins do |jenkins|
    jenkins.desc 'Build a Jenkins job'
    jenkins.arg_name 'job_name'
    jenkins.command 'build' do |c|

dustinmm80

package main

/*
./keychain -name mysecret
Siam589_logy

On run you'll get a popup window asking for access.
*/

import (

dustinmm80

AWS_ACCESS_KEY_ID: !var prod/aws/iam/users/fabric/access-key-id
AWS_SECRET_KEY_ID: !var prod/aws/iam/users/fabric/secret-access-key
MONGODB_PASSWORD:  !var prod/mongo/deployments/password

dustinmm80

#!/bin/bash

DEMO_NAME=$1

TAG_NAME="demo-factory/email"
INSTANCE_ID="`wget -qO- http://instance-data/latest/meta-data/instance-id`"
REGION="`wget -qO- http://instance-data/latest/meta-data/placement/availability-zone | sed -e 's:\([0-9][0-9]*\)[a-z]*\$:\\1:'`"
TAG_VALUE="`aws ec2 describe-tags --filters "Name=resource-id,Values=${INSTANCE_ID}" "Name=key,Values=${TAG_NAME}" --region ${REGION} --output=text | cut -f5 | tr -d '\n'`"

URL="http://track.hubspot.com/v1/event?_n=000000294287&_a=402893&email=${TAG_VALUE}&_latest_demo_started=${DEMO_NAME}"

dustinmm80

# conjur policy load --as-group security_admin digitas-policy.rb

# Create group 'devops', add user 'dustin' as an admin
devops = group '/devops' do
  add_member user('/dustin'), admin_option: true
end

# Create group 'developers', add user 'katie' as a member
developers = group '/developers' do
  add_member user('/katie')