Federico Voges fvoges
@fvoges
fvoges / vault-load-balancer.yaml
Created February 20, 2023 13:40
AWS EKS Load Balancer for Vault
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: external
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
    service.beta.kubernetes.io/aws-load-balancer-scheme: internal
  labels:
    app.kubernetes.io/instance: vault
    app.kubernetes.io/name: vault
@fvoges
fvoges / no_tls_values.yaml
Last active February 14, 2023 10:39
Example Vault Helm chart values.yaml
# Vault Helm Chart Value Overrides
global:
  enabled: true
  tlsDisable: true
injector:
  enabled: true
  # Use the Vault K8s Image https://github.com/hashicorp/vault-k8s/
  image:
    repository: "hashicorp/vault-k8s"
@fvoges
fvoges / values.yaml
Created February 1, 2023 11:10
Vault Agent Injector Helm chart values
---
global:
  enabled: true
  # if you need to authenticate to pull images
  # imagePullSecrets:
  #   name: image-pull-secret
injector:
  enabled: true
  externalVaultAddr: "https://vault.example.com:8200/"
  image:
@fvoges
fvoges / MailinatorAliases
Created January 20, 2023 09:57 — forked from nocturnalgeek/MailinatorAliases
A list of alternate domains that point to @mailinator.com
@binkmail.com
@bobmail.info
@chammy.info
@devnullmail.com
@letthemeatspam.com
@mailinater.com
@mailinator.net
@mailinator2.com
@notmailinator.com
@reallymymail.com
@fvoges
fvoges / MailinatorAliases
Created January 20, 2023 09:57 — forked from denzuko/MailinatorAliases
A list of alternate domains that point to @mailinator.com
@fvoges
fvoges / vault_setup.sh
Last active January 20, 2023 00:15
Basic Vault setup steps to test replication
sudo apt update && sudo apt install gpg jq certbot
wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg >/dev/null
gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install vault-enterprise
cat > /etc/vault.d/vault.hcl <<EOF
ui = true
@fvoges
fvoges / README.md
Created January 18, 2023 12:58
Get Amazon AWS IP ranges with curl and jq

How to get Amazon AWS CIDR blocks using curl and jq

curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq '.prefixes[] | select(.region == "eu-west-2" and .service == "EC2_INSTANCE_CONNECT")'

See AWS docs and this article for more details.

@fvoges
fvoges / jenkinsVault.groovy
Created December 8, 2022 14:14
Example Groovy pipeline TFE and Vault integration for Jenkins
import groovy.json.JsonOutput
import groovy.json.JsonSlurper
def getWorkspaceId() {
  def response = httpRequest(
    customHeaders: [
      [ name: 'Authorization', value: 'Bearer ' + env.TFE_TOKEN ],
      [ name: 'Content-Type', value: 'application/vnd.api+json' ]
    ],
    url: 'https://app.terraform.io/api/v2/organizations/' + env.TFE_ORGANIZATION + '/workspaces/' + env.TFE_WORKSPACE_NAME
@fvoges
fvoges / template.ctmpl
Created December 6, 2022 14:46
Example Vault Agent configuration with AWS auth
{{- with secret "kv/test" -}}
{{- range $k, $v := .Data.data -}}
{{ $k }}={{$v}}
{{ end -}}
{{- end -}}
@fvoges
fvoges / ssh_wrapper.sh
Last active December 5, 2022 11:50
Vault SSH wrapper for SSH Secrets Engine
#!/bin/bash -e
# Simple SSH wrapper to use with Vault SSH Secrets Engine
MOUNT="ssh"
ROLE="dev-ssh"
HOST="$1"
TMP_FILE="$(mktemp)"
SIGNED_KEY="$(mktemp)"