- Run
./setup.sh. - Select
1to Import Previous Configuration.
infamousjoeg
/ jenkins-freestyle.sh
Created
November 9, 2022 20:10
How to use Conjur Secrets provided SSH Private Key to clone Git repository in Jenkins
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| set +x | |
| echo "$CONJUR_SECRET" > "$WORKSPACE"/private.key | |
| set -x | |
| chmod 0600 "$WORKSPACE"/private.key | |
| sed -i 's/\r$//g' "$WORKSPACE"/private.key | |
| export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i $WORKSPACE/private.key -F /dev/null" | |
| git clone [email protected]:infamousjoeg/epa-poc.git |
infamousjoeg
/ DeployRDSSecret.yml
Created
October 12, 2022 00:15
An AWS CloudFormation template that uses AWS Secrets Manager to provide the admin password for a provisioned RDS database
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: '2010-09-09' | |
| Description: Creates an empty SQL Server RDS database as an example for automated deployments. | |
| Parameters: | |
| SqlServerInstanceName: | |
| NoEcho: 'false' | |
| Description: RDS SQL Server Instance Name | |
| Type: String | |
| Default: SqlRdsDB | |
| MinLength: '1' | |
| MaxLength: '63' |
infamousjoeg
/ Jenkinsfile
Created
July 28, 2022 15:59
Example of using Conjur Secrets Plugin for Jenkins to checkout BitBucket repository
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| node { | |
| stages { | |
| stage('Checkout SCM') { | |
| steps { | |
| withCredentials([ | |
| conjurSecretCredential(credentialsId: 'scm/bitbucket/jenkins/username', variable: 'BITBUCKET_USER'), | |
| conjurSecretCredential(credentialsId: 'scm/bitbucket/jenkins/password', variable: 'BITBUCKET_PASS') | |
| ]) { | |
| git url: 'https://${BITBUCKET_USER}:${BITBUCKET_PASS}@bitbuckethost.com/scm/my-repo.git' | |
| } |
infamousjoeg
/ runbook.md
Last active
July 22, 2022 19:05
Runbook for Jenkins Integration with Conjur POC - Conjur Configurator
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| export CONJUR_ACCOUNT=poc | |
| export CONJUR_APPLIANCE_URL=https://ec2-00-00-00-00.compute-1.amazonaws.com | |
| export CONJUR_CERT_FILE=conjur-poc.pem | |
| export CONJUR_AUTHN_LOGIN=admin | |
| export CONJUR_AUTHN_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
infamousjoeg
/ k8s-secrets-crontjob.yaml
Last active
March 7, 2022 22:13
CyberArk Conjur Kubernetes Secrets Provider as a CronJob
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: k8s-secrets-provider-account | |
| namespace: conjur | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: Role | |
| metadata: |
infamousjoeg
/ explanation.md
Last active
March 7, 2022 21:26
Why Client Certificate Authentication requires both Certificate & Private Key
Certificates on their own are only public pieces of information. What links a public key certificate to the name it contains is the fact that whoever has legitimate control over that name (e.g. your name or your server's name) also has the private key for it.
Certificates are used to prove the identity of the remote party by challenging the remote party to perform an operation that can only be done with the corresponding private key: signing something (which can be verified with the public key) or deciphering something that was encrypted with the public key. (Both can happen in the SSL/TLS handshake, depending on the cipher suite.)
During the SSL/TLS handshake, the server sends its certificate (in clear) and proves to the client that it has the corresponding private key using an authenticated key exchange.
In this case, they also want to use client-certificate authentication. It's not enough to send the client certificate during the handshake: the cl
infamousjoeg
/ aws-instances.sh
Last active
March 14, 2022 15:10
Bash Helper Script for AWS Lab using Summon
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [[ "$1" == "list" ]]; then | |
| echo "Running Instances:" | |
| echo "==================" | |
| summon --provider ring.py -e aws -f ~/secrets.yml aws ec2 describe-instances | jq -r '.Reservations[].Instances[] | select( .State.Name == "running") | .Tags[] | select ( .Key == "Name" ) | .Value' | |
| echo "" | |
| echo "Stopped Instances:" | |
| echo "==================" | |
| summon --provider ring.py -e aws -f ~/secrets.yml aws ec2 describe-instances | jq -r '.Reservations[].Instances[] | select( .State.Name == "stopped") | .Tags[] | select ( .Key == "Name" ) | .Value' |
infamousjoeg
/ k8s-secrets-app.yml
Last active
March 2, 2022 13:59
authn-k8s Kubernetes Secrets Application Policy Template
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - !policy | |
| id: k8s-secrets-demo | |
| body: | |
| - &secrets | |
| - !variable secret1 | |
| - !variable secret2 | |
| - !host | |
| annotations: | |
| authn-k8s/namespace: namespace |
infamousjoeg
/ cyberark-conjur-authn-k8s-config.yml
Last active
March 1, 2022 22:13
Conjur Authn-K8s - Initial Config Manifest
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: cyberark-conjur | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: authn-k8s-sa |