Exporting Microsoft Authenticator TOTP secrets


Workplaces may require TOTP 2FA to be enabled on Office 365 accounts, which requires the Microsoft Authenticator app to be installed.

Regular TOTP applications (such as Aegis, Authy, or LastPass) cannot be used as Microsoft uses a proprietary scheme called phonefactor. Furthermore, the application requires Google Services Framework (GSF) to be installed (likely to provide device notifications), and will refuse to work when it is not present on the device.

Fortunately, after the registration is complete, the underlying mechanism the app uses to generate TOTP codes is regular otpauth, and its secrets can be exported with a little bit of effort.

Extracting the keys

Moving a Postgres db from RDS to a Docker container

Make a backup from RDS

pg_dump -h <rds host> -p 5432 -F c -O -U <rds user> <db name> > db.dump

Restore the backup into a Docker container

docker run --rm --interactive --link <postgres container id>:postgres --volume $PWD/:/tmp/ postgres:latest /bin/bash -c 'pg_restore --verbose --clean --no-acl --no-owner -h "$POSTGRES_PORT_5432_TCP_ADDR" -p "$POSTGRES_PORT_5432_TCP_PORT" -U postgres -d <db name> /tmp/db.dump'
-- Read only
-- Create a group
CREATE ROLE postgres_ro_group;
-- Grant access to existing tables
GRANT USAGE ON SCHEMA public TO postgres_ro_group;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO postgres_ro_group;
Script to create user with permission for a specific namespace.
# Script based on
# In honor of the remarkable Windson
if [[ -z "$namespace" ]]; then
echo "Use "$(basename "$0")" NAMESPACE";
# Locate the history file in your profile, and copy it to the same folder as this script.
# On Mac: ~/Library/Application\ Support/Google/Chrome/Default/History
# On Windows: C:\Users\YOUR USER NAME\AppData\Local\Google\Chrome\User Data\Default\History
sqlite3 History <<!
.headers on
.mode csv
.output out.csv
vi /etc/environment
add these lines...
# assign env var, if set
find -L "${HB}/opt" -name 'INSTALL_RECEIPT.json' -maxdepth 2 -print > /tmp/homebrew-installed.txt
printf '' > /tmp/homebrew-installed-w-options.txt
Blue-Green AWS Auto Scaling Deployments with Terraform

A quick note on how I'm currently handling Blue/Green or A/B deployments with Terraform and AWS EC2 Auto Scaling.

In my particular use case, I want to be able to inspect an AMI deployment manually before disabling the previous deployment.

Hopefully someone finds this useful, and if you have any feedback please leave a comment or email me.


I build my AMIs using Packer and Ansible.

  • First create a host-only network if not already done so. Use the IP Address with the netmask Don't enable DHCP server (next tab), it should be unchecked.

  • Make sure two network interfaces are assigned to the VM. The first being a NAT interface (note: NOT NAT Network). The second being a Host-Only Adapter.

  • In the Ubuntu guest the /etc/network/interfaces file should look something similar to below.

# This file describes the network interfaces available on your system
If you're using a self-signed certificate for your web server in development, you might know the browser warning saying that your certificate isn't valid. If, like me, you had manually added an exception for this certificate error each time it showed up, this gist is for you.

Properly Configure OpenSSL with your DNS aliases

You'll have to create a self-signed certificate with a custom SubjectAltName.

  1. Find your openssl config. find /usr/lib -name openssl.cnf