#!/bin/bash
# Abort on the first failing command and on any reference to an unset variable.
set -eu

# System account and group the Vault service will run under.
USER='vault'
GROUP='vault'

# Vault Enterprise package version to install; the "+ent-N" suffix selects
# the enterprise build of the package.
VAULT_VERSION='1.11.4+ent-1'

# Filesystem location where the Vault binary is expected on this host.
VAULT_BINARY_LOCATION='/home/user123/vault'

# Enterprise license string. The value below is a placeholder (it ends in
# "<UPDATE>") and must be replaced before the script is run.
# NOTE(review): a real license belongs in an environment variable or a secrets
# store rather than in a committed script.
VAULT_LICENSE_KEY='lskdjaflwekajlr3lwkrj23lja<UPDATE>'

# All certificate material handled by this script is expected to be base64-encoded.
tbeyer567 / admin.hcl
initial admin policy
# Allow querying Vault's health endpoint.
# NOTE(review): "sudo" is granted here alongside "read"; confirm that the
# broader capability is actually required for this path in your deployment.
path "sys/health" {
  capabilities = [
    "read",
    "sudo",
  ]
}

# Allow reading the installed license details.
path "sys/license" {
  capabilities = [
    "read",
  ]
}
module "hcp-vault" {
source = "./hcp-vault"
cloud_provider = "aws"
tier = "plus_medium"
primary_cluster_hvn = "hvn-us-west-2"
primary_region = "us-west-2"
primary_cluster_hvn_cidr = var.primary_hvn_cidr
primary_cluster_id = "vault-us-west-2"
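terraform {
  required_providers {
    # Use the explicit source/version object form. The bare string form
    # (`vault = ">=3.14.0"`) is the legacy shorthand and leaves the provider
    # namespace implicit; naming "hashicorp/vault" pins it.
    # The constraint is kept open-ended (">= 3.14.0") to match the original;
    # a "~>" constraint would protect against untested major upgrades.
    vault = {
      source  = "hashicorp/vault"
      version = ">= 3.14.0"
    }
  }
}

# Empty provider block: address and token are taken from the environment
# (VAULT_ADDR / VAULT_TOKEN and the provider's other standard sources)
# rather than being written into this configuration.
provider "vault" {}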
resource "vault_namespace" "dev" {
path = "dev"
module "primary_us_vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "4.0.1"
providers = {
aws = aws.us-east-1
}
name = "vault-us-east-1"
cidr = "10.64.0.0/22"
# Vault VPC in us-west-2, built from the module in the parent directory and
# wired to the aliased AWS provider for that region.
module "vault_west" {
  source = "../"

  providers = {
    aws = aws.us-west-2
  }

  vpc_name = "vault-west"
  vpc_cidr = "172.31.1.0/24"
}
# Broad management of everything mounted under auth/: every capability,
# including sudo, is granted on the whole subtree.
path "auth/*" {
  capabilities = [
    "create",
    "read",
    "update",
    "delete",
    "list",
    "sudo",
  ]
}
# Create, update, and delete auth methods
path "sys/auth/*"
{
capabilities = ["create", "update", "delete", "sudo"]
# Allow querying Vault's health endpoint.
# NOTE(review): "sudo" is granted here alongside "read"; confirm that the
# broader capability is actually required for this path.
path "sys/health" {
  capabilities = [
    "read",
    "sudo",
  ]
}
# Create and manage ACL policies broadly across Vault
# List existing policies
path "sys/policies/acl"
# Default (un-aliased) AWS provider; the region is supplied by the caller
# through var.region instead of being hard-coded here.
provider "aws" {
  region = var.region
}
resource "aws_vpc" "main" {
cidr_block = var.vpc_cidr_block
enable_dns_hostnames = true
tags = {
Name = var.vpc_name
# Container image used by the jobs; the `vault` CLI is expected to be on its PATH.
image:
  name: vault
# Pipeline-wide variables: the Vault server address the CLI talks to.
# NOTE(review): the CA for this address is set per job via VAULT_CACERT below.
variables:
  VAULT_ADDR: https://sensible-crow.butters.rocks:8200/
read_secrets:
script:
- export VAULT_CACERT=/builds/tbeyer/right-flounder/ca.pem
- export VAULT_TOKEN="$(vault write -field=token auth/jwt/login role=demo-service-staging jwt=$CI_JOB_JWT)"