I hereby claim:
- I am gitrgoliveira on github.
- I am rgoliveira (https://keybase.io/rgoliveira) on keybase.
- I have a public key whose fingerprint is 75B4 B53C E466 6DB5 E58F 2A5C 9C34 E8B1 3A2A BCAE
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
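#! /bin/bash
#
# Connection settings for a local Minishift/OpenShift cluster and a Vault dev server.
# NOTE(review): the console URL below (192.168.99.102) does not match OPENSHIFT
# (192.168.99.103) — confirm which address is current before relying on either.
# https://192.168.99.102:8443/console
MINISHIFT="true"
OPENSHIFT=192.168.99.103:8443
# Quoted so the expansion is safe if OPENSHIFT is ever set to something with
# spaces or glob characters.
OPENSHIFT_ADDR="https://${OPENSHIFT}"
PROJECT=vault-test
# Plain HTTP is acceptable only for a loopback dev server; a shared Vault must be https.
export VAULT_ADDR='http://127.0.0.1:8200'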
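#! /bin/bash
#
# based on https://medium.com/google-cloud/vault-auth-and-secrets-on-gcp-51bd7bbaceb
#
################################################################
# setup GCP
################################################################
# Active gcloud project. $(...) instead of backticks, and the status is checked
# so a missing/failed gcloud does not silently leave PROJECT_ID empty.
PROJECT_ID=$(gcloud config get-value core/project) || exit 1
# gcloud prints nothing on stdout when no project is configured — fail here
# rather than creating GCP resources later with an empty project id.
: "${PROJECT_ID:?no gcloud project configured (run: gcloud config set project <PROJECT>)}"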
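#! /bin/bash
# Download and unpack MongoDB Enterprise (macOS build) into ./mongodb.
MONGODB_VERSION="${MONGODB_VERSION:-4.2.2}"
MONGODB_URL="https://downloads.mongodb.com/osx/mongodb-macos-x86_64-enterprise-${MONGODB_VERSION}.tgz"
# Expected SHA-256 of the tarball, taken from the MongoDB release page
# (placeholder: set MONGODB_SHA256 in the environment). Empty skips the check.
MONGODB_SHA256="${MONGODB_SHA256:-}"
mkdir -p mongodb mongodb_data || exit 1
# --fail: an HTTP error page must not be saved and later unpacked as the archive;
# --location: follow redirects to the real download.
curl --fail --location -o mongodb/mongodb.tgz "$MONGODB_URL" || exit 1
# Verify the download before unpacking it; an unverified tarball is an easy
# supply-chain target.
if [[ -n "$MONGODB_SHA256" ]]; then
  printf '%s  mongodb/mongodb.tgz\n' "$MONGODB_SHA256" | shasum -a 256 -c - || exit 1
else
  printf 'warning: MONGODB_SHA256 not set, mongodb.tgz was not verified\n' >&2
fi
tar -zxvf mongodb/mongodb.tgz --strip-components=1 -C mongodb || exit 1
# assuming Vault Enterprise is already installed
# setting it up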
#! /bin/bash
#
# Prerequisite: `az login` must have been run before this script.
#
# Boundary controller API address.
# NOTE(review): this is a plain shell variable, not exported — the boundary CLI
# reads BOUNDARY_ADDR from the environment, so confirm a later `export` or an
# explicit -addr on each call.
BOUNDARY_ADDR='https://boundary.ric-lnd.ric.aws.hashidemos.io:9200'
| if [ -f "boundary_auth_created.json" ]; then | |
| echo "removing previous OIDC" | |
| boundary auth-methods delete -id $(jq -r .item.id boundary_auth_created.json) |
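# Vault connection for the CI policy setup. Host and token values are placeholders.
export VAULT_ADDR="https://xxxx:8200"
export VAULT_NAMESPACE="admin"
# Take the token from the caller's environment (e.g. after `vault login`) rather
# than editing a secret into this file, where it ends up in git history and
# shell history. The literal placeholder is kept only as the fallback.
export VAULT_TOKEN="${VAULT_TOKEN:-xxx}"
if [[ "$VAULT_TOKEN" == "xxx" ]]; then
  printf 'warning: VAULT_TOKEN is still the placeholder; export a real token instead of editing this file\n' >&2
fi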
| tee vault-action.hcl <<EOF | |
| path "kv/data/ci" { | |
| capabilities = ["read"] | |
| } |
| name: ImageBuilder | |
| # Run this workflow every time a new commit pushed to your repository | |
| on: | |
| push: | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| permissions: | |
| contents: read |
| jobs: | |
| build: | |
| permissions: | |
| contents: read | |
| id-token: write | |
| runs-on: self-hosted | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Import Secrets | |
| uses: hashicorp/[email protected] |
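# Enable JWT auth and trust the GitHub Actions OIDC issuer. bound_issuer pins the
# token's iss claim; what actually restricts which repositories/workflows may log
# in is the per-role bound_audiences / bound_claims configured on the role, not
# this config. `auth enable` errors if the method already exists, so a failure
# here is deliberately non-fatal; the config write is checked.
vault auth enable jwt
vault write auth/jwt/config \
  oidc_discovery_url="https://token.actions.githubusercontent.com" \
  bound_issuer="https://token.actions.githubusercontent.com" \
  default_role="demo" || exit 1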
| # "user_claim": "workflow" defines the entity alias. | |
| vault write auth/jwt/role/demo -<<EOF | |
| { |
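# Start a single-node dev agent with ACLs enabled and bootstrap the management token.
# NOTE(review): -bind 0.0.0.0 exposes the TLS-less dev agent on every interface;
# prefer 127.0.0.1 unless other machines genuinely need to reach it.
nomad agent -dev -bind 0.0.0.0 -acl-enabled >nomad-server.log &
# Retry the bootstrap until the agent answers instead of trusting a fixed sleep.
# The output is the management token, so the file is created with mode 0600.
attempts=0
until (umask 077; nomad acl bootstrap -json > bootstrap.json 2>/dev/null); do
  attempts=$((attempts + 1))
  if (( attempts >= 30 )); then
    printf 'nomad acl bootstrap did not succeed after %d attempts\n' "$attempts" >&2
    exit 1
  fi
  sleep 1
done
# Assignment split from export so a jq failure is not masked; jq -r prints
# "null" for a missing key, which must not become the token.
NOMAD_TOKEN=$(jq -r .SecretID bootstrap.json) || exit 1
if [[ -z "$NOMAD_TOKEN" || "$NOMAD_TOKEN" == "null" ]]; then
  printf 'bootstrap.json does not contain a SecretID\n' >&2
  exit 1
fi
export NOMAD_TOKEN
# creating a namespace and quota
nomad namespace apply -description "QA instances of webservers" web-qa || exit 1
nomad quota init || exit 1
nomad quota apply spec.hcl || exit 1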