Skip to content

Instantly share code, notes, and snippets.

I'm a banana.

Brian Hatfield bmhatfield

I'm a banana.
Block or report user

Report or block bmhatfield

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
bmhatfield / .zshrc
Last active Dec 30, 2019
OSX Keychain Environment Variables
View .zshrc
# If you use bash, this technique isn't really zsh specific. Adapt as needed.
source ~/
# AWS configuration example, after doing:
# $ set-keychain-environment-variable AWS_ACCESS_KEY_ID
# $ set-keychain-environment-variable AWS_SECRET_ACCESS_KEY
# provide: "j1/yoursupersecret/password"
export AWS_ACCESS_KEY_ID=$(keychain-environment-variable AWS_ACCESS_KEY_ID);
export AWS_SECRET_ACCESS_KEY=$(keychain-environment-variable AWS_SECRET_ACCESS_KEY);
bmhatfield / .profile
Last active Dec 18, 2019
Automatic Git commit signing with GPG on OSX
View .profile
# In order for gpg to find gpg-agent, gpg-agent must be running, and there must be an env
# variable pointing GPG to the gpg-agent socket. This little script, which must be sourced
# in your shell's init script (ie, .bash_profile, .zshrc, whatever), will either start
# gpg-agent or set up the GPG_AGENT_INFO variable if it's already running.
# Add the following to your shell init to set up gpg-agent automatically for every shell
if [ -f ~/.gnupg/.gpg-agent-info ] && [ -n "$(pgrep gpg-agent)" ]; then
source ~/.gnupg/.gpg-agent-info

How to use GPG/PGP to share passwords

Sometimes we need to transmit passwords over unsecured channels, like Slack or email. There are lots of password managers, but their password sharing functionality is less robust than I like. For example, 1Password lets you share passwords, but to do so you must share your entire keychain - which is not useful.

To solve this, we can use public/private keys to transmit messages over any channel, that can only be decrypted by the end user. This is stuff of the future! It seems like it would be complicated, but common use cases are very easy to set up and use!


bmhatfield / check-recent-oom
Created Apr 16, 2016
A simple, time-based OOM check script for use with riemann-sumd
View check-recent-oom
# Run on a minutely basis by
LAST_OOM="$(grep 'Out of memory' /var/log/kern.log | tail -n 1)";
if [ -n "${LAST_OOM_TIME}" ]; then
if [ $(($((`date +%s` - `date --date="${LAST_OOM_TIME}" +%s`)) / 60 )) -le ${LAST_OOM_WINDOW} ]; then
echo "CRITICAL: OOM within last ${LAST_OOM_WINDOW} minutes!"
echo ${LAST_OOM}
bmhatfield / local_databag.rb
Created Mar 29, 2016
Encrypt, Edit and key-rotate databags.
View local_databag.rb
require 'chef/knife'
module LocalDatabags
class Encrypt < Chef::Knife
deps do
require 'chef/encrypted_data_bag_item'
banner "knife encrypt BAGNAME ITEM KEYFILE"
bmhatfield / ec2-security-group-rules
Created Mar 9, 2016
Output a human-readable & colorized view of your EC2 security group rules
View ec2-security-group-rules
#!/usr/bin/env ruby
require 'aws-sdk'
require 'colorize'
ec2 =
ec2.security_groups.sort_by{|s| s.group_name }.each do |sg|
puts sg.group_name.underline unless sg.ip_permissions.empty?
sg.ip_permissions.each do |perm|
bmhatfield / gist:8600671
Created Jan 24, 2014
Working Ohai Plugin
View gist:8600671
require_plugin "#{os}::network"
provides 'ipaddress'
if virtualization['system'] == 'vbox'
network['interfaces']['eth1']['addresses'].each do |ip, params|
if params['family'] == 'inet'
ipaddress ip
View gist:6003399
var fields map[string]interface{} = make(map[string]interface{})
func main() {
fields["device"] = json.RawMessage(`{"OMG": 13}`)
jsn, err := json.Marshal(fields)
if err == nil {
} else {
View gist:5454382
time: 1366828063
service: "myservice"
host: ""
ttl: 300.0
attributes {
key: "zoinks"
value: "4"
attributes {
key: "forks"
View gist:5260740
; Expire old events from the index every 15 seconds.
(periodically-expire 10 {:keep-keys [:host :service :tags]})
(def rollup-ttl 60)
(def throttle-ttl 120)
(defn event-log [prefix]
(fn [e] (info prefix (str e))))
(def email (mailer {:from "riemann@domain"}))
You can’t perform that action at this time.