Anthony Scalisi scalp42

@pmp
pmp / envelope_encryption_kms_boto_pycrypto.md
Last active November 17, 2021 16:35
Envelope Encryption using AWS KMS, Python Boto, and PyCrypto.

If you use Amazon AWS for nearly anything, then you are probably familiar with KMS, the Amazon Key Management Service.

KMS is a service which allows API-level access to cryptographic primitives without the expense and complexity of a full-fledged HSM or CloudHSM implementation. There are trade-offs in that the key material does reside on servers rather than tamper-proof devices, but these risks should be acceptable to a wide range of customers based on the care Amazon has put into the product. You should perform your own diligence on whether KMS is appropriate for your environment. If the security profile is not adequate, you should consider a stronger product such as CloudHSM or managing your own HSM solutions.

The goal here is to provide some introductory code on how to envelope-encrypt a message using the AWS KMS API.

KMS allows you to encrypt messages of up to 4kb in size directly using the encrypt()/decrypt() API. To exceed these limitations, you must use a technique called "envelope encryptio

@heri16
heri16 / bgpd.conf
Last active December 1, 2025 08:16
AWS VPC VPN StrongSwan Virtual Tunnel Interface (VTI)
#@ /etc/quagga/bgpd.conf (Centos & Ubuntu)
hostname <Local OS hostname>
password <Any random phrase>
enable password <Any random phrase>
!
log file /var/log/quagga/bgpd
!debug bgp events
!debug bgp zebra
debug bgp updates
@astroza
astroza / singleton.rb
Last active October 3, 2018 19:55
Nicer Ruby Singleton
class SingletonTest
def data
@data
end
def data=(n)
@data = n
end
@old_new_method = self.method(:new)
@scalp42
scalp42 / gist:c08c1fd0fe41ce2c8e63
Created November 10, 2015 21:21 — forked from mingderwang/gist:971c9d303c65cd876381
install mesosphere on ubuntu 14.04 manually with scripts
$ cat install.sh
## add mesosphere repo and keys
export DISTRO=$(lsb_release -is | tr '[:upper:]' '[:lower:]')
export CODENAME=$(lsb_release -cs)
echo "deb http://repos.mesosphere.io/${DISTRO} ${CODENAME} main" | sudo tee /etc/apt/sources.list.d/mesosphere.list
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv E56151BF
## update repos
@kizbitz
kizbitz / dockerhub-v2-api-user.sh
Last active April 17, 2023 23:30
Get the list of images and tags for a Docker Hub user account.
#!/bin/bash
# Example for the Docker Hub V2 API
# Returns all images and tags associated with a Docker Hub user account.
# Requires 'jq': https://stedolan.github.io/jq/
# set username and password
UNAME=""
UPASS=""
@scalp42
scalp42 / hash_inverse.rb
Last active August 29, 2015 14:27 — forked from NigelThorne/hash_inverse.rb
ruby hash invert
require './hash_inverse'
describe Hash do
describe "when empty and asked for the inverse" do
it "returns an empty hash" do
{}.inverse.must_equal Hash.new
end
end
describe "when mapping are unique and asked for the inverse" do
userAuth:
type: ldap
server: yourserver
port: 636
userDN: the_dn_of_the_keywhiz_user
password: external:/some/place
lookup:
userBaseDN: ou=some,dc=dn,dc=for,dc=your,dc=site
userAttribute: uid
requiredRoles: [keywhizAdmins]
@seeder
seeder / fetch-tmpl-content
Created July 20, 2015 10:40
Used for fetching templates from consul for use in consul-template as plugin
#!/bin/sh
TMPL=$1
DESTINATION=/config/consultemplate/template/$TMPL
TMPDESTINATION=/tmp/$DESTINATION
LOGS=/logs/$HOSTNAME
mkdir -p $LOGS
mkdir -p "`dirname $DESTINATION`"
@cnk
cnk / shell_output.sh
Created July 10, 2015 00:11
Example code from Chapter 7 (Library Example 1: Modules and Mixins) of Customizing Ruby
$ chef-client --once --local-mode --config /\
Users/cnk/Code/sandbox/customizing_chef/part3_examples/solo.rb --override-runlist testcookbook::default
Starting Chef Client, version 12.3.0
[2015-07-09T17:08:42-07:00] WARN: Run List override has been provided.
[2015-07-09T17:08:42-07:00] WARN: Original Run List: []
[2015-07-09T17:08:42-07:00] WARN: Overridden Run List: [recipe[testcookbook::default]]
resolving cookbooks for run list: ["testcookbook::default"]
Synchronizing Cookbooks:
- testcookbook
Compiling Cookbooks...
@mahnve
mahnve / gist:a173857078ecf5849dce
Last active August 30, 2022 21:47
get list of AWS us east ip ranges
curl https://ip-ranges.amazonaws.com/ip-ranges.json | jq '.prefixes' | jq 'map(select(.region=="us-east-1"))' | jq 'map(.ip_prefix)'