Skip to content

Instantly share code, notes, and snippets.

View planetrobbie's full-sized avatar

Sebastien Braun planetrobbie

26 followers · 2 following
View GitHub Profile
@planetrobbie
planetrobbie / collection.json
Created September 3, 2020 13:20
Postman TFE API Vault onboarding collection
{
"info": {
"_postman_id": "2255e3f0-2da2-4530-aff9-9673d1e5fdb9",
"name": "HashiCorp Vault TFE Onboard",
"description": "Onboarding a Project team on Vault",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
},
"item": [
{
"name": "namespace",
@planetrobbie
planetrobbie / TFE installation steps
Created July 30, 2020 07:34
Terraform Enterprise instalation
# Docs
https://www.terraform.io/docs/enterprise/install/installer.html
https://www.terraform.io/docs/enterprise/before-installing/rhel-requirements.html
https://www.terraform.io/docs/enterprise/before-installing/rhel-requirements.html
# Check docker version
docker -v
@planetrobbie
planetrobbie / Vault SSH
Created November 21, 2019 10:55
$ Vault ssh
OpenSSH 5.4 (March 2010), an SSH signed certificate contains a public key and metadata: Validity, Principals and Extensions
# Client Signing
## Create a key for user
ssh-keygen -t rsa -C "[email protected]"
@planetrobbie
planetrobbie / vault-sidecar-workflow.md
Last active October 3, 2019 14:23

Vault Kubernetes - sidecar integration step by step guide

mirror example code

git clone https://github.com/hashicorp/vault-guides.git

workflow

@planetrobbie
planetrobbie / k8s sidecar vault workflow
Created September 18, 2019 14:34
$ Vault k8s sidecar
- [article](https://learn.hashicorp.com/vault/identity-access-management/vault-agent-k8s)
- [code](https://github.com/hashicorp/vault-guides/tree/master/identity/vault-agent-k8s-demo)
- [RFC vault agent template](https://docs.google.com/document/d/1TBE5TuzgXpTBq2gGaJLd9gjWd1KW1MfXm2AUEIvFJtY/edit)
- [RFC Vault Kubernetes Admissions Webhook](https://docs.google.com/document/d/1nEaJiH_WO3SaHU178-zHRvz1Ic4m5q6ofbJJYxOV0X4/edit) mutate pod specs to add sidecar which will auth/auto renew and write secrets to a shared in-memory volume. Will live in a new binary named vault-k8s similar to consul-k8s.
- Above is using [Kubernetes Admission Webhooks available in 1.9](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) configured using annotations.
# Example Scripting
@planetrobbie
planetrobbie / workshop tfe
Created September 12, 2019 08:06
$ Terraform AWS workshop
# Demo Prep
source ~/in/aws/auth.sh
aws ec2 describe-instances
If failure auth to AWS Console
https://eu-west-3.signin.aws.amazon.com
@planetrobbie
planetrobbie / keybase.md
Created June 20, 2019 08:16
Keybase identity Proof

Keybase proof

I hereby claim:

  • I am planetrobbie on github.
  • I am planetrobbie (https://keybase.io/planetrobbie) on keybase.
  • I have a public key ASC3W8XszVxcFvl4oa0mTFPn_4Zrnoll-f-YZxtNGbv9Lgo

To claim this, I am signing this object:

@planetrobbie
planetrobbie / audit.log
Created January 28, 2019 20:47
Vault Audit snippet
"time":"2019-01-28T20:46:29.435016455Z","type":"request","auth":{"client_token":"","accessor":"","display_name":"","policies":null,"metadata":null,"entity_id":"","token_type":"default"},"request":{"id":"52919fae-6c8e-03f1-51c8-23efb9a0041e","operation":"read","client_token":"","client_token_accessor":"","namespace":{"id":"root","path":""},"path":"sys/replication/status","data":null,"policy_override":false,"remote_address":"130.211.0.225","wrap_ttl":0,"headers":{}},"error":""}
{"time":"2019-01-28T20:46:29.43583858Z","type":"response","auth":{"client_token":"","accessor":"","display_name":"","policies":null,"metadata":null,"entity_id":"","token_type":"default"},"request":{"id":"52919fae-6c8e-03f1-51c8-23efb9a0041e","operation":"read","client_token":"","client_token_accessor":"","namespace":{"id":"root","path":""},"path":"sys/replication/status","data":null,"policy_override":false,"remote_address":"130.211.0.225","wrap_ttl":0,"headers":{}},"response":{"data":{"dr":{"mode":"hmac-sha256:3a4bd796ed9f8ae4195a2d941df
@planetrobbie
planetrobbie / config.json
Created January 14, 2019 13:41
consul agent
{
"addresses": {
"dns": "127.0.0.1",
"grpc": "127.0.0.1",
"http": "127.0.0.1",
"https": "127.0.0.1"
},
"advertise_addr": "10.132.0.4",
"advertise_addr_wan": "10.132.0.4",
"bind_addr": "10.132.0.4",
@planetrobbie
planetrobbie / resume.html
Created March 30, 2018 19:00
<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width, initial-scale=1"/><title>Sébastien Braun</title><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"/><style>@font-face {
font-family: 'icomoon';
src: url('fonts/icomoon.eot?9yug7q');
src: url('fonts/icomoon.eot?9yug7q#iefix') format('embedded-opentype'),
url('fonts/icomoon.ttf?9yug7q') format('truetype'),
url('fonts/icomoon.woff?9yug7q') format('woff'),
url('fonts/icomoon.svg?9yug7q#icomoon') format('svg');
font-weight: normal;
font-style: normal;
}