Skip to content

Instantly share code, notes, and snippets.

View GuyBarros's full-sized avatar

Guy Barros GuyBarros

78 followers · 79 following
View GitHub Profile
@GuyBarros
GuyBarros / CKA.md
Created November 28, 2023 20:46
Multipass CKA single script set up 
multipass launch -m2G -c2 -d5G -n "k8scp" lts --network "en0"

K8SCP

wget https://cm.lf.training/LFS258/LFS258_V2023-09-14_SOLUTIONS.tar.xz --user=LFtraining --password=Penguin2014

tar -xvf LFS258_V2023-09-14_SOLUTIONS.tar.xz
@GuyBarros
GuyBarros / vault-non-disruptive-pki-rotation_sh
Created December 16, 2022 15:25
vault 1.11+ non disruptive pki rotation example script
#!/usr/bin/env zsh
###########
# Root CA #
###########
vault secrets enable pki
vault secrets tune -max-lease-ttl=87600h pki
@GuyBarros
GuyBarros / vault_ldap.tf
Created September 26, 2022 14:54
resource "vault_mount" "ldap" {
path = "ldap"
type = "openldap"
description = "LDAP Secret Engine"
}
resource "vault_generic_endpoint" "openldapconfig" {
depends_on = [vault_mount.ldap]
path = "${vault_mount.ldap.path}/config"
@GuyBarros
GuyBarros / vault_clients.sh
Created April 25, 2022 11:17
getting details from Vault client count.
Executing the command below will bring a list of entities , their auth method and their id:
Export VAULT_ADDR=https://<Vault_address>:8200
export VAULT_TOKEN=<Vault_token>
export VAULT_NAMESPACE=<Vault_namespace>
@GuyBarros
GuyBarros / MY_TLS_LOGIN_SETUP
Created April 29, 2021 10:44
################################################ start #################################################
###############################
export VAULT_ADDR=https://vault.hashidemos.io:8200
export VAULT_TOKEN=s.evX
# Set up the PKI Secret Engine
###############################
## Root CA Mount
@GuyBarros
GuyBarros / jenkins_create_approle_secret
Created February 9, 2021 12:41
script to create approle credential
import hudson.util.Secret
import com.datapipe.jenkins.vault.credentials.*
import com.cloudbees.plugins.credentials.impl.*
import com.cloudbees.plugins.credentials.*
import com.cloudbees.plugins.credentials.domains.*
VaultAppRoleCredential customCredential = new VaultAppRoleCredential(
CredentialsScope.GLOBAL,
'custom-credential',
@GuyBarros
GuyBarros / hashicorp-vault-helm-values.yaml
Created November 2, 2020 17:22
global:
# enabled is the master enabled switch. Setting this to true or false
# will enable or disable all the components within this chart by default.
enabled: true
# TLS for end-to-end encrypted transport
tlsDisable: true
# If deploying to OpenShift
psp:
enable: false
@GuyBarros
GuyBarros / vault4pfx.hcl
Created December 18, 2019 15:43
A TFScript to connect to Vault , generate a PKI cert and use that cert as the seed for a pfx file
variable "vault_host" {
description = "Vault hostname"
default = "vault.ric-lnd-stack.ric.aws.hashidemos.io"
}
terraform {
backend "remote" {
organization = "hc-emea-sentinel-demo"
workspaces {
name = "vault-integration"
}
@GuyBarros
GuyBarros / readme.md
Last active October 22, 2019 08:30 — forked from benstr/readme.md
Gist Markdown Cheatsheet

#Heading 1

##Heading 2

###Heading 3

####Heading 4

#####Heading 5

@GuyBarros
GuyBarros / gist:3a9901a22bd52ae0f4f5e1f7154468a1
Created July 26, 2019 14:53
startigng of vault notifier
Steps to make a Control Group Notifier
1) list all Tokens
curl -X LIST \
http://eu-guystack-vault-561637873.eu-west-2.elb.amazonaws.com:8200/v1/auth/token/accessors \
-H 'Accept: */*' \
-H 'Accept-Encoding: gzip, deflate' \
-H 'Cache-Control: no-cache' \
-H 'Connection: keep-alive' \