Viacheslav Vasilyev avoidik

@avoidik
avoidik / vault_oidc.sh
Created Oct 6, 2019
Vault OIDC command line
View vault_oidc.sh
#!/usr/bin/env bash
# -*- coding: utf-8 -*-
###############################################################################################
##
## This script should be run manually and will authenticate a user to Vault via the OIDC
## workflow.
##
###############################################################################################
@avoidik
avoidik / exec.sh
Last active Oct 3, 2019
AWS IAM assume role, save profile and inject credentials into env
View exec.sh
#!/usr/bin/env bash
CREDS_PROFILE="test"
THIS_ROLE="arn:aws:iam::123456789012:role/role-to-assume"
THIS_PROFILE="test-assumed"
rm -rf ~/.aws/cli/cache
# Variant A
source <(aws --profile "${CREDS_PROFILE}" sts assume-role \
@avoidik
avoidik / main.go
Created Sep 25, 2019 — forked from michelvocks/main.go
Vault Client API approle login
View main.go
package main

import (
	"fmt"
	"log"

	"github.com/hashicorp/vault/api"
)

var client *api.Client
View script.sh
# JOSE header and JWT payload
HEADER='{"alg": "ES256","typ": "JWT"}'
PAYLOAD='{"sub": "1234567890","name": "John Doe"}'
# Create a key in Vault.
vault write transit/keys/mykey exportable=true type=ecdsa-p256
# Prepare header and payload for signing
HEADER_B64=$(echo $HEADER | openssl base64 -A)
PAYLOAD_B64=$(echo $PAYLOAD | openssl base64 -A)
@avoidik
avoidik / git-prompt.sh
Last active Jul 10, 2019
git for windows git-prompt.sh to show branch and virtualenv
View git-prompt.sh
#!/bin/bash
#
# DESCRIPTION:
#
# Set the bash prompt according to:
# * the active virtualenv
# * the branch/status of the current git repository
# * the return value of the previous command
# * the fact you just came from Windows and are used to having newlines in
# your prompts.
@avoidik
avoidik / get_token.md
Created Jun 21, 2019 — forked from brianredbeard/get_token.md
aws, sts, and bash
View get_token.md

About

AWS provides a mechanism for temporarily assuming another role within their API system. While the process is not technically hard, it can be convoluted and hard to understand. This document aims both to make it easier to follow and to give an in-depth explanation of some of the underpinnings of the Bourne Again Shell (aka BASH) that make this easier to use on a day-to-day basis.

Explanation

Below is an overexplained version of the following process:

  1. Using credentials stored in ~/.aws/credentials as a "profile" which are then understood by the AWS command line tools
  2. Using those AWS credentials, temporarily assume a role using the AWS Security Token Service (STS) to get temporary
@avoidik
avoidik / AWS-AutoUnseal-HashiCorp-Vault.md
Created Jun 19, 2019 — forked from allthingsclowd/AWS-AutoUnseal-HashiCorp-Vault.md
HashiCorp Vault AWS KMS AutoUnseal Key Rotation Example (all keys are obsolete - just a demo)
View AWS-AutoUnseal-HashiCorp-Vault.md

A Walkthrough of Key Rotation of a HashiCorp VAULT cluster using AWS KMS to AutoUnseal

PGP (Keybase) is used to encrypt the recovery keys

Built base environment using HashiCorp's Learn Website

ubuntu@ip-192-168-100-194:~$ export VAULT_ADDR=http://127.0.0.1:8200

ubuntu@ip-192-168-100-194:~$ vault status
@avoidik
avoidik / vault-tree
Created Jun 18, 2019 — forked from mazenovi/vault-tree
explore recursively your vault by HashiCorp
View vault-tree
#!/usr/bin/env bash
function walk() {
  for secret in $(vault list $1 | tail -n +3)
  do
    if [[ ${secret} == *"/" ]] ; then
      walk "${1}${secret}"
    else
      echo "${1}${secret}"
    fi
@avoidik
avoidik / HOWTO.md
Last active Jun 3, 2019
GCC on Windows with MSYS2
View HOWTO.md

Install mingw using msys2 into c:\Tools\msys64\

  • install msys2
  • execute msys2_shell and then pacman -S mingw-w64-x86_64-gcc to install GCC
  • then perform pacman -S mingw-w64-x86_64-sqlite3 to install sqlite3 native library
  • add c:\Tools\msys64\mingw64\bin to PATH environment