
Chris Hoffman chrishoffman

  • Pennsylvania, USA
@chrishoffman
chrishoffman / mfa-login-1.10.sh
Last active March 9, 2022 22:10
MFA Login for Vault 1.10+
#!/bin/bash
## Tools required
# brew install oath-toolkit qrencode jq
# Vault binary in path (1.10+)
# This script targets Vault Enterprise; remove the namespace commands to run it against Vault OSS
export VAULT_ADDR=http://127.0.0.1:8200
export VAULT_TOKEN=root
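The gist above drives the Vault 1.10+ login-MFA flow from bash with oathtool generating the code. The following is an added example, not code from chrishoffman's gist, that does the same round trip in Python so the offline pieces can be checked without a server: the TOTP computation is a hand-rolled RFC 6238 implementation (what `oathtool --totp` computes, with Vault's TOTP method defaults of SHA1, 6 digits, 30 s), the secret is read from the otpauth:// URL that `identity/mfa/method/totp/admin-generate` returns, and the `auth.mfa_requirement` block of the login reply is turned into the body for `sys/mfa/validate`. Assumptions: the userpass auth method is mounted at its default path, both endpoints are treated as login paths (no VAULT_TOKEN sent), the `MFA_USER`/`MFA_PASSWORD`/`MFA_TOTP_SECRET` environment variables are hypothetical, and the sample login reply and its IDs are constructed placeholders, not real Vault output.

```python
# Added example (not part of chrishoffman's gist): Vault 1.10+ login MFA with the
# TOTP step done in code (RFC 6238, what `oathtool --totp` computes).
import base64
import hashlib
import hmac
import json
import os
import struct
import time
import urllib.request
from urllib.parse import parse_qs, urlparse


def totp(secret_b32, for_time=None, digits=6, step=30, algo="sha1"):
    """RFC 6238 code for a base32 secret; defaults match Vault's TOTP method (SHA1, 6 digits, 30 s)."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = int((time.time() if for_time is None else for_time) // step)
    digest = hmac.new(key, struct.pack(">Q", counter), getattr(hashlib, algo)).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def secret_from_otpauth(url):
    """Extract the shared secret from the otpauth:// URL returned by
    identity/mfa/method/totp/admin-generate (the same URL the gist hands to qrencode)."""
    params = parse_qs(urlparse(url).query)
    return params["secret"][0]


def mfa_validate_body(login_resp, passcode_for):
    """Build the body for POST /v1/sys/mfa/validate from a login reply that carries
    auth.mfa_requirement. passcode_for(method_id) supplies the current TOTP code."""
    req = login_resp["auth"]["mfa_requirement"]
    payload = {}
    for constraint in req["mfa_constraints"].values():
        # each enforcement is satisfied by any one of its listed methods; take the
        # first, and attach a passcode only when the method uses one (push methods get [])
        method = constraint["any"][0]
        payload[method["id"]] = [passcode_for(method["id"])] if method.get("uses_passcode") else []
    return {"mfa_request_id": req["mfa_request_id"], "mfa_payload": payload}


def _post(addr, path, body, namespace=None):
    headers = {"Content-Type": "application/json"}
    if namespace:
        headers["X-Vault-Namespace"] = namespace  # Enterprise only; omit for OSS
    req = urllib.request.Request(f"{addr}/v1/{path}", data=json.dumps(body).encode(),
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def login_with_mfa(addr, username, password, totp_secret, namespace=None):
    """userpass login; when the reply demands MFA, answer it with a fresh TOTP code.
    Assumption: both endpoints are login paths, so no VAULT_TOKEN is sent."""
    resp = _post(addr, f"auth/userpass/login/{username}", {"password": password}, namespace)
    if resp["auth"].get("mfa_requirement"):
        body = mfa_validate_body(resp, lambda _method_id: totp(totp_secret))
        resp = _post(addr, "sys/mfa/validate", body, namespace)
    return resp["auth"]["client_token"]


# Constructed sample shaped like a 1.10 login reply under an MFA enforcement.
# The request and method IDs are placeholders, not values from any real server.
SAMPLE_LOGIN = {
    "auth": {
        "client_token": "",
        "mfa_requirement": {
            "mfa_request_id": "00000000-0000-4000-8000-000000000001",
            "mfa_constraints": {
                "totp-on-userpass": {
                    "any": [{"type": "totp", "id": "00000000-0000-4000-8000-0000000000aa",
                             "uses_passcode": True}]
                }
            },
        },
    }
}

if __name__ == "__main__":
    # Offline run against the constructed sample; the live round trip only happens
    # when VAULT_ADDR and the hypothetical MFA_* variables are set.
    secret = secret_from_otpauth(
        "otpauth://totp/Vault:demo?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Vault")
    print(json.dumps(mfa_validate_body(SAMPLE_LOGIN, lambda _m: totp(secret)), indent=2))
    if os.environ.get("VAULT_ADDR") and os.environ.get("MFA_USER"):
        print(login_with_mfa(os.environ["VAULT_ADDR"], os.environ["MFA_USER"],
                             os.environ["MFA_PASSWORD"], os.environ["MFA_TOTP_SECRET"],
                             os.environ.get("VAULT_NAMESPACE")))
```

The TOTP function is checked against the RFC 6238 reference vectors, so a mismatch with the code Vault expects points at the method's configured period, digits or algorithm rather than at the arithmetic.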
@chrishoffman
chrishoffman / mfa-login.sh
Last active September 17, 2021 14:25
Demonstrating Vault MFA on login paths
#!/bin/bash
## Tools required
# brew install oath-toolkit qrencode jq
# Vault Enterprise binary in the PATH
## Vault Server Command (separate terminal)
# VAULT_LICENSE=<vault license> vault server -dev -dev-root-token-id=root
export VAULT_ADDR=http://127.0.0.1:8200
@chrishoffman
chrishoffman / sentinel.sh
Created August 27, 2021 19:03
Sentinel and Namespaces
#!/bin/bash
## Tools required
# brew install oath-toolkit qrencode jq
# Vault Enterprise binary in the PATH
## Vault Server Command (separate terminal)
# VAULT_LICENSE=<vault license> vault server -dev -dev-root-token-id=root
export VAULT_ADDR=http://127.0.0.1:8200
@chrishoffman
chrishoffman / mfa-ping.sh
Last active May 4, 2022 19:55
Demonstrating the Enterprise MFA workflow
#!/bin/bash
## Tools required
# brew install jq
# Vault Enterprise binary in the PATH
## Vault Server Command (separate terminal)
# VAULT_LICENSE=<vault license> vault server -dev -dev-root-token-id=root
export VAULT_ADDR=http://127.0.0.1:8200
#!/bin/bash
cat > policy1.hcl <<EOF
path "secret/data/nemo/dev-master/*"
{
capabilities = ["read", "list", "create", "update", "delete"]
}
EOF
cat > policy2.hcl <<EOF
@chrishoffman
chrishoffman / Parsed Certificate
Created December 17, 2017 17:55
X509Certificate2 - "Unknown format in import."
$ echo "
@chrishoffman
chrishoffman / gist:c36593331df448c1fdff0405f818656f
Created May 24, 2017 13:45 — forked from jefferai/gist:e2bebc3bb97fed521666
Example of Vault PKI (X509) backend issuing certificates to client and server, which then perform TLS mutual auth
package main
import (
"crypto/tls"
"fmt"
"html"
"io/ioutil"
"log"
"net"
"net/http"
# setup pki
# (`vault mount` / `vault mount-tune` are the pre-0.9.2 CLI names; on a current
#  CLI the same calls are `vault secrets enable pki` and
#  `vault secrets tune -max-lease-ttl=87600h pki`)
vault mount pki
vault mount-tune -max-lease-ttl=87600h pki
vault write pki/root/generate/internal common_name="Vault Testing Root Authority" ttl=87600h
# create role
# allow_any_name=true with enforce_hostnames=false lets this role issue for any
# name at all: fine for a throwaway test CA, never for a production role
vault write pki/roles/test allow_any_name=true enforce_hostnames=false max_ttl=1440h
# create certificate and read it
vault write -format=json pki/issue/test common_name=test ttl=1440h | \
@chrishoffman
chrishoffman / pki-setup.sh
Last active July 19, 2023 15:52
Vault Multi-Level CA Setup
# Multi-level CA: a root mount (pki) plus three mounts for the intermediate levels
# (pki1..pki3). `vault mount` / `vault mount-tune` are the pre-0.9.2 CLI names for
# `vault secrets enable` / `vault secrets tune`.
vault mount pki
vault mount -path=pki1 pki
vault mount -path=pki2 pki
vault mount -path=pki3 pki
# raise each mount's max lease TTL to 10 years; the default cap is 768h (32 days),
# far too short for a CA certificate
vault mount-tune -max-lease-ttl=87600h pki
vault mount-tune -max-lease-ttl=87600h pki1
vault mount-tune -max-lease-ttl=87600h pki2
vault mount-tune -max-lease-ttl=87600h pki3
vault write pki/root/generate/internal common_name="Vault Testing Root Authority" ttl=87600h
@chrishoffman
chrishoffman / keybase.md
Last active June 23, 2016 03:01
keybase.md

Keybase proof

I hereby claim:

  • I am chrishoffman on github.
  • I am chrishoffman (https://keybase.io/chrishoffman) on keybase.
  • I have a public key ASDK5022wUtNWvCXHQZu3G5M36Y2f_iQv3H3kbLs8Ml8DQo

To claim this, I am signing this object: