Adeel Ahmad devops-adeel

🎯
Focusing
View GitHub Profile
@devops-adeel
devops-adeel / cicd_admin.tf
Last active April 20, 2022 09:30
Lean Vault CICD Admin Policy to begin with.
locals {
member_entity_ids = var.entity_ids
}
data "vault_policy_document" "default" {
rule {
path = "sys/namespaces/"
capabilities = ["list"]
description = "List namespaces in root"
}
devops-adeel / vault_aws_auth.tf
Created April 20, 2022 11:59
Setting AWS Auth Method
resource "aws_iam_access_key" "default" {
user = var.user
}
resource "vault_auth_backend" "default" {
type = "aws"
}
resource "vault_aws_auth_backend_client" "default" {
backend = vault_auth_backend.default.path
devops-adeel / auth0_app.tf
Created April 20, 2022 17:38
Create a Web App in Auth0 for Vault
locals {
oidc_app = "hashicorp-vault-app"
}
data "auth0_tenant" "default" {}
resource "auth0_connection" "default" {
name = local.oidc_app
strategy = "auth0"
}

locals {
role_name = "failover-handler"
}
data "vault_policy_document" "default" {
rule {
path = "sys/replication/dr/secondary/promote"
capabilities = ["update"]
description = "Create and manage ACL policies"
}
devops-adeel / gcp_config.tf
Created April 28, 2022 13:54
Vault-Terraform-GCP integration
variable "approle_id" {}
variable "approle_secret" {}
provider "vault" {
auth_login {
namespace = "admin/terraform-vault-secrets-gcp"
path = "auth/approle/login"
parameters = {
role_id = var.approle_id
devops-adeel / github_module.tf
Created May 4, 2022 13:28
series of code to automate tf-module-setup
/**
* Usage:
*
* ```hcl
*
* module "github_repo" {
* source = "hashicorp/github_terraform_module"
* application_name = "foo"
* tfc_token = vault_terraform_cloud_secret_creds.default.token
* }
devops-adeel / acl_policies.tf
Last active July 11, 2022 15:56
basic pattern on acl templating with entity metadata against jwt auth method/role.
locals {
engine = [
"secret",
"oracle",
"postgres",
"mysql"
]
}
data "vault_policy_document" "read" {
devops-adeel / aws_iam_federated.tf
Last active August 8, 2023 20:15
WIP Code in creating workload identity
data "aws_iam_policy_document" "default" {
version = "2012-10-17"
statement {
sid = "FederatedTrustVaultOIDC"
effect = "Allow"
actions = ["sts:AssumeRoleWithWebIdentity", ]
principals {
type = "Federated"
devops-adeel / groups.tf
Last active November 30, 2022 14:35
quick gist on having okta users request ssh signing
data "okta_group" "default" {
name = var.group_name
}
resource "vault_identity_group" "default" {
name = data.okta_group.default.name
type = "external"
external_policies = true
}
devops-adeel / aws_auth.tf
Last active February 15, 2023 18:11
Non-Interactive Consumption Pattern for Vault PKI
data "aws_billing_service_account" "default" {}
resource "aws_iam_user" "default" {
name = "vault-aws-auth-user"
}
resource "aws_iam_access_key" "default" {
user = aws_iam_user.default.name
}