VLoub
/ SQL server - BYOK with AzureKeyVault - DeployIfNotExist.jsonc
Created
September 25, 2025 13:29
Azure policy for creation of keyvault and key for SQL that need to be using CMK from its own keyvault. Just ensure that SQL server has private endpoint
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Show hidden characters
| { | |
| "if": { | |
| "allOf": [ | |
| { | |
| "field": "type", | |
| "equals": "Microsoft.Sql/servers" | |
| }, | |
| { | |
| "value": "[subscription().displayName]", | |
| "contains": "-Secret-" |
VLoub
/ cetrificate-login-az-keyvault-from-linux.ps1
Last active
October 8, 2024 17:19
How to use cert from key vault to login into Az Module azure management api from linux
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # to download cert use | |
| Connect-AzAccount -Identity # with acc that has access to Key Vault | |
| # get token and download cert value | |
| $vaultToken = Get-AzAccessToken -ResourceUrl 'https://vault.azure.net' | |
| $headers = @{ Authorization = $($vaultToken.Type, $vaultToken.Token -join ' ') } | |
| $targetTenantAppCert = Invoke-RestMethod -Method Get -Uri "https://$($env:YourKeyVault).vault.azure.net/secrets/EntraCert?api-version=7.1" -Headers $headers | |
| # convert cert bytes to bytes with password as Connect-AzAccount needs to have password on it | |
| $certBytes = [Convert]::FromBase64String($targetTenantAppCert.value) | |
| $keyvaultCert = [Security.Cryptography.X509Certificates.X509Certificate2]::new($certBytes, $null, [Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $pramAssignment = @{ | |
| Name = [guid]::NewGuid().Guid | |
| Scope = '/providers/Microsoft.Management/managementGroups/That Main Mgmt Group' | |
| ExpirationDuration = [Xml.XmlConvert]::ToString($(New-TimeSpan -Days 4 -Hours 5)) # [Xml.XmlConvert]::ToTimeSpan('P4DT5H') | |
| ExpirationType = 'AfterDuration' | |
| PrincipalId = '5a4bds72-ab3e-4d8e-ab2f-8dd8917481a2' | |
| RequestType = 'adminAssign' | |
| RoleDefinitionId = '/providers/Microsoft.Authorization/roleDefinitions/8e3af653-a5ff-443c-a75c-2fe8c4bcb635' | |
| ScheduleInfoStartDateTime = [DateTime]::UtcNow.ToString('o') | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-AzApplicationInsightsQuery { | |
| [CmdletBinding()] | |
| [Alias('iai')] | |
| Param ( | |
| [Parameter(Mandatory,ValueFromPipelineByPropertyName,HelpMessage = 'Insights App ID get by (Get-AzApplicationInsights).AppId')] | |
| [ValidateNotNullOrEmpty()] | |
| [alias('Id')] | |
| [Guid]$ApplicationId, | |
| [Parameter(Mandatory,HelpMessage = 'Your KQL query')] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This PowerShell script first grabs the Azure context, fetches the profile client and requests an accesstoken. | |
| # This entirely done using the Az.Profile module | |
| $currentAzureContext = Get-AzContext | |
| $azureRmProfile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile | |
| $profileClient = New-Object Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient $azureRmProfile | |
| $profileClient.AcquireAccessToken($currentAzureContext.Subscription.TenantId).AccessToken |
VLoub
/ SQL template with optional user assigned identity.bicep
Last active
July 31, 2023 14:49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource sqlServer_resource 'Microsoft.Sql/servers@2022-11-01-preview' = { | |
| name: sqlServerName | |
| location: location | |
| identity: { | |
| type: identity | |
| userAssignedIdentities: ( contains(identity,'SystemAssigned') ) ? { '${replace(userDefinedIdentity,'"','')}': {} } : null | |
| } | |
| properties: { | |
| administratorLogin: sqlServerAdministrator | |
| administratorLoginPassword: sqlServerAdministratorPwd |
VLoub
/ gist:47ed6f76d3c0ad0cdbe187585953f1a0
Created
May 31, 2023 14:41
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| choco install --whatif $(@( | |
| 'azure-cli' | |
| 'brave' | |
| 'calibre' | |
| 'chocolatey' | |
| 'ditto' | |
| 'git' | |
| 'github-desktop' | |
| 'irfanview' | |
| 'megasync' |
VLoub
/ Veeam Agent dockerized on Oracle Linux 8 - Dockerfile
Last active
March 6, 2023 12:27
Veeam Agent dockerized on Oracle Linux 8
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM oraclelinux:8 | |
| # Configure systemd | |
| RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ | |
| rm -f /lib/systemd/system/multi-user.target.wants/*;\ | |
| rm -f /etc/systemd/system/*.wants/*;\ | |
| rm -f /lib/systemd/system/local-fs.target.wants/*; \ | |
| rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ | |
| rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ | |
| rm -f /lib/systemd/system/basic.target.wants/*;\ |
VLoub
/ o365 oauth app with user consent for calendar.ps1
Last active
February 3, 2023 13:51
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # See https://learn.microsoft.com/en-us/graph/auth-v2-user | |
| $AppName = 'Some App Name' | |
| $tenantId = 'common' # public or work & organization users | |
| $graphEndpoint = 'https://graph.microsoft.com/v1.0' | |
| $oAuthUri = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0" | |
| $appRegistrationParam = @{ | |
| DisplayName = $AppName | |
| SignInAudience = "AzureADMultipleOrgs" # AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount | |
| Web = @{ RedirectUris = "http://localhost/myapp/"; } # https://login.microsoftonline.com/common/oauth2/nativeclient or msal${clientId}://auth |
VLoub
/ Create SQL Regex Function in DB.sql
Last active
September 14, 2022 16:24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* https://blog.dotnetframework.org/2019/12/17/regular-expression-clr-udf-in-sql-server/ */ | |
| EXEC sp_changedbowner 'sa' | |
| ALTER DATABASE RandomData SET trustworthy ON | |
| GO | |
| sp_configure 'show advanced options', 1; | |
| GO | |
| RECONFIGURE; | |
| GO |
NewerOlder