-
Display role bindings for conjur-cluster service account token
oc get clusterrolebindings -o json \ | jq '.items | map(select(any(.subjects[]; .name | contains("conjur-cluster"))))' -
Display conjur-authenticator role information
oc describe clusterrole conjur-authenticator
infamousjoeg
/ k8sSecretsProvider.yml
Last active
March 3, 2022 14:17
K8s Secrets Provider Deployment Manifest
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: db-credentials | |
| namespace: k8s-secrets-app | |
| type: Opaque | |
| stringData: | |
| conjur-map: |- | |
| address: cd/kubernetes/db/host |
infamousjoeg
/ debugging_info.md
Created
February 24, 2022 16:34
— forked from micahlee/debugging_info.md
Conjur K8s Authenticator Debugging
infamousjoeg
/ sni_builder.sh
Last active
February 23, 2022 19:55
Automated Building of Certificates when OpenShift SNI Present
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| APIURL="https://cluster.com" | |
| PORT="6443" | |
| SERVERNAME="cluster.com" | |
| output_prefix="final-" | |
| extension="temp" | |
| dlfilename="retrieved.pem" | |
| pullcerticate_test() { | |
| local tofile="$1" |
infamousjoeg
/ 01-install-snapd.sh
Last active
February 22, 2022 22:03
How to Setup & Renew Let's Encrypt SSL on Ansible Automation Platform 2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| sudo dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm | |
| sudo dnf -y upgrade | |
| sudo yum install -y snapd | |
| sudo systemctl enable --now snapd.socket | |
| sudo ln -s /var/lib/snapd/snap /snap | |
| sudo reboot now |
infamousjoeg
/ Helper.cs
Created
January 31, 2022 19:17
— forked from rbrayb/Helper.cs
Validating an ADFS JWT token
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Threading; | |
| using System.Threading.Tasks; | |
| namespace ValidateJWTConsoleApp | |
| { | |
| class Helper | |
| { | |
| internal static class AsyncHelper | |
| { |
infamousjoeg
/ authn-jwt_azure.yml
Last active
January 31, 2022 18:11
Conjur authn-jwt with Azure AD-registered applications
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Conjur policy for authn-jwt using above JWT: | |
| --- | |
| # authn-jwt endpoint | |
| - !policy | |
| id: conjur/authn-jwt/c73bf3ef-87e9-48e0-ac85-9c723e6cca39 # <-- Authn ID set to tenant ID | |
| body: | |
| - !variable jwks-uri # <-- https://login.microsoftonline.com/common/discovery/keys | |
| - !variable token-app-property # <-- set to "appid" (actual name of claim) | |
| # - !variable identity-path # <-- not needed for id below (policy is applied at root) |
infamousjoeg
/ InstantPotBraisedRedCabbage.md
Last active
January 27, 2022 17:07
Instant Pot Braised Red Cabbage
infamousjoeg
/ java-ccp-clientcert.java
Last active
January 28, 2022 15:34
How to use CCP Client Certificate Authentication with Java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // This is “first-party” way to do it, using only plain Java libraries. | |
| // Starting from the top, one needs to configure an HTTP client. The only requirement here is that we need something that can accept an instance of `javax.net.SSLContext`, which it can use to create connections. | |
| // This `SSLContext` is the class that can be configured to facilitate the authentication, but it must be done with the `javax.net.ssl.KeyManager` class. | |
| // To create the `KeyManagers`, one can use `KeyManagerFactory` as follows: | |
| KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); | |
| KeyStore clientCertKeyStore = getKeyStoreWithKey(cyberArkCCP.getKey(), cyberArkCCP.getKeyPassword()); |
infamousjoeg
/ CentralCredentialObject.cpp
Created
December 6, 2021 14:24
C++ CCP REST Call Example - Thanks @JimmyJamCABD
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "CentralCredentialObject.h" | |
| #include <iostream> | |
| size_t CentralCredentialObject::WriteCallback(void *contents, size_t size, size_t nmemb, void *userp) | |
| { | |
| ((std::string*)userp)->append((char*)contents, size * nmemb); | |
| return size * nmemb; | |
| } |
infamousjoeg
/ main.kt
Created
December 6, 2021 14:23
Kotlin (Java) CCP REST Call Example - Thanks @JimmyJamCABD
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package org | |
| import java.io.FileInputStream | |
| import java.io.InputStream | |
| import java.net.URL | |
| import java.net.http.HttpClient | |
| import java.net.http.HttpRequest | |
| import java.net.http.HttpResponse.BodyHandlers | |
| import java.security.KeyStore | |
| import java.security.KeyStoreException |