sarjarapu

  • Amazon Web Services
  • Austin, TX
@sarjarapu
sarjarapu / kerberos-configure-set-env.sh
Created October 5, 2018 04:46
A bash script to configure environment variables and set permissions for the folders
sudo klist -k /var/lib/mongo/private/mon01.keytab
# Keytab name: FILE:/var/lib/mongo/private/mon01.keytab
# KVNO Principal
# ---- ------------------------------------------
# 2 mongodb/[email protected]
# Set the keytab file location in environment variable
echo "KRB5_KTNAME=/var/lib/mongo/private/mon01.keytab" | sudo tee /etc/sysconfig/mongod
# Change the folder ownership to mongod
sarjarapu / kerberos-set-user-permissions.sh
Created October 5, 2018 04:49
A bash script using mongo client to create replica set and user privileges on $external database
mongo --quiet admin <<EOF
rs.initiate();
sleep(10000);
db.createUser({user: 'superuser', pwd: 'superuser', roles: ['root']});
db.auth('superuser', 'superuser');
use \$external;
db.createUser({user: '[email protected]', roles: [{ role: 'root', db: 'admin'}]});
db.createUser({user: '[email protected]', roles: [{ role: 'readWrite', db: 'social'}]});
EOF
sarjarapu / kerberos-install-krb5-client-user.sh
Created October 5, 2018 04:52
A bash script to install the Kerberos client and display the Kerberos configuration file on the User machine
# Install the Kerberos client
sudo yum install -y krb5-workstation
# TODO: Copy the /etc/krb5.conf file contents from
# Kerberos Server's config file to the Client's machine
sudo cat /etc/krb5.conf
sarjarapu / kerberos-install-mongo-shell.sh
Created October 5, 2018 04:53
A bash script to install the MongoDB shell and the MongoDB Enterprise dependencies
sudo tee /etc/yum.repos.d/mongodb-enterprise.repo << EOF
[mongodb-enterprise]
name=MongoDB Enterprise Repository
baseurl=https://repo.mongodb.com/yum/redhat/\$releasever/mongodb-enterprise/4.0/\$basearch/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
EOF
# Install the mongodb enterprise dependencies and mongodb shell
sarjarapu / kerberos-mongod-auth.sh
Created October 5, 2018 04:59
A bash script illustrating authentication to MongoDB via Kerberos SSO and authorization on MongoDB
# Log in to Kerberos as bob
kinit -p bob
# Password for [email protected]:
klist
# Ticket cache: KEYRING:persistent:1000:1000
# Default principal: [email protected]
# Valid starting Expires Service principal
# 10/04/2018 16:58:49 10/05/2018 16:58:48 krbtgt/[email protected]
sarjarapu / csfle-create-mongod.sh
Created January 23, 2020 14:51
A bash script to download and install MongoDB v4.2.2 enterprise on my Mac
# TODO: Update the BASE_DIR to your favorite directory
BASE_DIR=/Users/shyam/code/personal/mdb/fle/build
VERSION="4.2.2"
# TODO: Change the binaries to your OS flavor
# Download and extract the v4.2 enterprise binaries
cd "${BASE_DIR}"
curl -OL "https://downloads.mongodb.com/osx/mongodb-macos-x86_64-enterprise-${VERSION}.tgz"
tar -xzf "mongodb-macos-x86_64-enterprise-${VERSION}.tgz"
rm -f "mongodb-macos-x86_64-enterprise-${VERSION}.tgz"
sarjarapu / csfle-create-local-keyfile.sh
Created January 23, 2020 14:53
A bash script to create LOCAL_KEY and start the MongoDB shell
# Generate a 96-character local key. Save it; don't lose it.
# Note: the 96 bytes are ASCII hex digits (4 bits of entropy each), not 96 random bytes.
LOCAL_KEY=$(openssl rand -hex 50 | head -c 96 | base64 | tr -d '\n')
echo "$LOCAL_KEY"
# YzRiY2Y3ZGUzNDgxYzQwNzliMGEzMDI2YjU0ODkwMjQ5ZTNmMWFkZDdiZGUzMDc5ZTVlMWYxNjBlMDM5MGJmMjhmOWIyODdlMjU3MjA1M2ZmZjdiZDViYWE1Y2Q1OTRi
# Start the v4.2 client. Note that you are not connecting to server yet
${MONGO_BIN}/mongo --shell --nodb --eval "var LOCAL_KEY = '$LOCAL_KEY' "
sarjarapu / csfle-create-clientobj.js
Last active January 23, 2020 14:57
A JavaScript to make use of client-side field-level encryption, create the MongoDB client objects, and create data encryption keys for SSN and Mobile fields
// Create one mongo client for plain-text operations and another with client-side field-level encryption options
var csfleOptions = {
"keyVaultNamespace" : "encryption.__dataKeys",
"kmsProviders" : {
"local" : {
"key" : BinData(0, LOCAL_KEY)
}
},
"schemaMap" : {}
};
sarjarapu / csfle-manual-encryption.js
Created January 23, 2020 15:10
A JavaScript to illustrate insert/find operations while using MongoDB client-side field level encryption feature.
// Deterministic algorithm: always outputs the same encrypted value for a given combination of plain text and encryption key. To search for matches on an encrypted field, you must use the Deterministic algorithm.
const SSN_ENCRYPTION_ALGORITHM = "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic";
// Random algorithm: always outputs a different encrypted value for a given combination of plain text and encryption key. Although the encrypted value differs each time, decrypting always yields the same plain text. Because the encrypted text is random, you should not use it on searchable fields.
const MOBILE_ENCRYPTION_ALGORITHM = "AEAD_AES_256_CBC_HMAC_SHA_512-Random";
// Create a patient document on the csfleDB object. Manually encrypt the fields and insert into the DB.
// Notice that the encrypt method is called once per field, but the insert operation is done as a whole
csfleDB.getCollection("patients").insert({
"_id": 1,
"medRecNum": 1,
sarjarapu / csfle-automatic-encryption.js
Created January 23, 2020 15:13
A JavaScript to illustrate insert/find operations while using MongoDB client-side field level encryption with automatic encryption feature.
// NOTE: In the explicit encryption method, all insert/update/find operations must ship encrypted data.
// Let's explore the MongoDB Enterprise feature that automatically encrypts and decrypts data for you. But first,
// define a JSON schema mapping for our patients collection via the field-level encryption options.
const healthCareAppSchema = {
"health_care_app.patients": {
"bsonType": "object",
"properties": {
"medRecNum": {
"bsonType": "int"
},