Skip to content

Instantly share code, notes, and snippets.

View gitrgoliveira's full-sized avatar
💭
I may be slow to respond.

Ricardo Oliveira gitrgoliveira

💭
I may be slow to respond.
29 followers · 12 following
  • Hashicorp
  • UK
  • 00:26 (UTC +01:00)
View GitHub Profile
@gitrgoliveira
gitrgoliveira / keybase.md
Created August 8, 2019 14:39

Keybase proof

I hereby claim:

  • I am gitrgoliveira on github.
  • I am rgoliveira (https://keybase.io/rgoliveira) on keybase.
  • I have a public key whose fingerprint is 75B4 B53C E466 6DB5 E58F 2A5C 9C34 E8B1 3A2A BCAE

To claim this, I am signing this object:

@gitrgoliveira
gitrgoliveira / setup.sh
Last active November 8, 2019 12:54
OpenShift setup with Vault and minishift
#! /bin/bash
# https://192.168.99.102:8443/console
MINISHIFT="true"
OPENSHIFT=192.168.99.103:8443
OPENSHIFT_ADDR=https://$OPENSHIFT
PROJECT=vault-test
export VAULT_ADDR='http://127.0.0.1:8200'
@gitrgoliveira
gitrgoliveira / gcp_demo.sh
Created November 8, 2019 12:53
setting up Vault and GCP auth and secrets backend
#! /bin/bash
#
# based on https://medium.com/google-cloud/vault-auth-and-secrets-on-gcp-51bd7bbaceb
#
################################################################
# setup GCP
################################################################
PROJECT_ID=`gcloud config get-value core/project`
@gitrgoliveira
gitrgoliveira / demo-tde.sh
Last active March 3, 2020 13:31
#! /bin/bash
# downloading MongoDB
mkdir -p mongodb
mkdir -p mongodb_data
curl -o mongodb/mongodb.tgz https://downloads.mongodb.com/osx/mongodb-macos-x86_64-enterprise-4.2.2.tgz
tar -zxvf mongodb/mongodb.tgz --strip-components=1 -C mongodb
# assuming Vault Enterprise is already installed
# setting it up
@gitrgoliveira
gitrgoliveira / boundary-AzureAD.sh
Created May 26, 2021 15:09
Setting up OIDC in boundary with AzureAD
#! /bin/bash
#
# `az login` must be run first
#
BOUNDARY_ADDR=https://boundary.ric-lnd.ric.aws.hashidemos.io:9200
if [ -f "boundary_auth_created.json" ]; then
echo "removing previous OIDC"
boundary auth-methods delete -id $(jq -r .item.id boundary_auth_created.json)
@gitrgoliveira
gitrgoliveira / vault_gh_setup.sh
Created December 6, 2021 14:15
setting up vault for GitHub Action OIDC auth
export VAULT_ADDR="https://xxxx:8200"
export VAULT_NAMESPACE="admin"
export VAULT_TOKEN=xxx
tee vault-action.hcl <<EOF
path "kv/data/ci" {
capabilities = ["read"]
}
@gitrgoliveira
gitrgoliveira / vault_github_action.yml
Created December 6, 2021 14:38
a GitHub Action that read from Vault and builds a docker image.
name: ImageBuilder
# Run this workflow every time a new commit pushed to your repository
on:
push:
workflow_dispatch:
jobs:
build:
permissions:
contents: read
@gitrgoliveira
gitrgoliveira / github_actions_snippet.yaml
Created December 16, 2021 11:49
GitHub Actions snippet
jobs:
build:
permissions:
contents: read
id-token: write
runs-on: self-hosted
steps:
- uses: actions/checkout@v2
- name: Import Secrets
uses: hashicorp/[email protected]
@gitrgoliveira
gitrgoliveira / vault_setup.sh
Last active January 17, 2022 16:06
vault setup bash
vault auth enable jwt
vault write auth/jwt/config \
oidc_discovery_url="https://token.actions.githubusercontent.com" \
bound_issuer="https://token.actions.githubusercontent.com" \
default_role="demo"
# "user_claim": "workflow" defines the entity alias.
vault write auth/jwt/role/demo -<<EOF
{
@gitrgoliveira
gitrgoliveira / nomad_sentinel_demo.sh
Last active December 3, 2024 12:25
Nomad Enterprise Sentinel Testing
nomad agent -dev -bind 0.0.0.0 -acl-enabled >nomad-server.log &
sleep 5
nomad acl bootstrap -json > bootstrap.json
export NOMAD_TOKEN=$(jq -r .SecretID bootstrap.json)
# creating a namespace and quota
nomad namespace apply -description "QA instances of webservers" web-qa
nomad quota init
nomad quota apply spec.hcl