Andy Brody brodygov

@brodygov
brodygov / pkcs11-test.rb
Last active October 29, 2019 17:39
Test of openssl PKCS11 functionality (works with PIV card)
# engine_pkcs11 came from `brew install engine_pkcs11`
require 'tty-prompt'
OpenSSL::Engine.load
pkcs11_engine = OpenSSL::Engine.by_id('dynamic') do |e|
e.ctrl_cmd('SO_PATH', '/usr/local/Cellar/engine_pkcs11/0.1.8/lib/engines/engine_pkcs11.so')
e.ctrl_cmd('ID', 'pkcs11')
e.ctrl_cmd('LIST_ADD', '1')
e.ctrl_cmd('LOAD')
e.ctrl_cmd('PIN', TTY::Prompt.new.ask('PIN:', echo: false))
from __future__ import print_function
import os
import sys
import zipfile
import requests
def main(argv):
@brodygov
brodygov / github-copy-issues.rb
Created May 30, 2017 18:46
Copy issues from one github repository to another
#!/usr/bin/env ruby
# Copy a list of issues from one repository to another.
#
# This whole script is a poorly documented mess. Sorry.
require 'date'
require 'yaml'
require 'pp'
@vancluever
vancluever / terraform-remote-config.sh
Last active May 31, 2017 02:52
Effectively emulating the old "terraform remote config" command (TF >= v0.9.0)
#!/usr/bin/env bash
# Say you have an S3 state with KMS on, with the appropriate variables
# configured below (these could also be parameterized but I wanted to
# make this gist as easy as possible to digest). Using this script
# (or a reasonable facsimile thereof), you can emulate the old
# "terraform remote config" command that existed in TF pre-v0.9
# by creating a file with your config in your Terraform directory.
# This file should be ignored in source control!
@maxvt
maxvt / infra-secret-management-overview.md
Last active February 28, 2024 20:53
Infrastructure Secret Management Software Overview

Currently, there is an explosion of tools that aim to manage secrets for automated, cloud native infrastructure management. Daniel Somerfield did some work classifying the various approaches, but (as far as I know) no one has made a recent effort to summarize the various tools.

This is an attempt to give a quick overview of what can be found out there. The list is alphabetical. There will be tools that are missing, and some of the facts might be wrong--I welcome your corrections. For the purpose, I can be reached via @maxvt on Twitter, or just leave me a comment here.

There is a companion feature matrix of various tools. Comments are welcome in the same manner.

@ccampanale
ccampanale / vaultsealmanager.sh
Created December 10, 2015 19:31
Bash shell script to check seal status for local vault server and attempt to unseal using keys secured in vault secret store. Supports HA Vault clusters with TLS with unseal keys stored as secrets in vault (see code). Relies on registered service vault.service.consul, in place DNS configuration, and a single unsealed vault instance in your clust…
#!/bin/bash
export vault=/usr/local/bin/vault
export VAULT_TOKEN=$(cat /root/.vault-token)
vault_cacert='-ca-cert=/path/to/your/ca.pem'
local_vault="-address=https://$(hostname -f):8200"
unsealed_vault="-address=https://$(getent hosts $(dig +short vault.service.consul | tail -n 1) | awk '{ print $2 }'):8200"
leader_vault="-address=https://$($vault status $vault_cacert $unsealed_vault 2> /dev/null | grep Leader | awk '{ print $2 }' | sed 's/^http\(\|s\):\/\///g'):8200"
vault_read="$vault read $vault_cacert $leader_vault"
vault_unseal="$vault unseal $vault_cacert $local_vault"
@ab
ab / logger-colors.rb
Created July 23, 2012 01:53 — forked from janlelis/logger-colors.rb
logger-colors
# Colorizes the output of the standard library logger, depending on the logger level:
# To adjust the colors, look at Logger::Colors::SCHEMA and Logger::Colors::constants
class ColoredLogger < Logger
module Colors
VERSION = '1.0.1'
NOTHING = '0;0'
BLACK = '0;30'
RED = '0;31'
GREEN = '0;32'