I hereby claim:
- I am adeelahmad84 on github.
- I am adeelahmad (https://keybase.io/adeelahmad) on keybase.
- I have a public key ASBtCsSJa2qo8UeTY4rGmIKinM2ogrOU4lWHMaAxDCsYpwo
To claim this, I am signing this object:
devops-adeel
/ Keybase.md
Created
August 10, 2017 23:53
devops-adeel
/ keybase.md
Created
December 3, 2020 15:54
I hereby claim:
- I am devops-adeel on github.
- I am devops_adeel (https://keybase.io/devops_adeel) on keybase.
- I have a public key ASB4CR6QVZ3DpLsjF0xMnIFCm8huRq4_u9sEoEZdYY-OSgo
To claim this, I am signing this object:
devops-adeel
/ aws_user_vault.tf
Last active
April 22, 2022 16:28
Vault AWS Auth Method - with Rotate Root Credentials invoked.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| data "aws_iam_policy_document" "default" { | |
| version = "2012-10-17" | |
| statement { | |
| sid = "AllowVaultAuth" | |
| effect = "Allow" | |
| resources = ["*"] | |
| actions = [ | |
| "ec2:DescribeInstances", |
devops-adeel
/ registry.tf
Last active
March 25, 2022 19:23
MVP TF module for TF-Module Registry for every TFE/C org.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| variable "tfe_org" {} | |
| data "vault_generic_secret" "default" { | |
| path = "secret/github_auth" | |
| } | |
| data "tfe_organization" "default" { | |
| name = var.tfe_org | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "vault_audit" "file" { | |
| type = "file" | |
| description = "Vault Audit to File" | |
| options = { | |
| file_path = "/var/log/vault_audit.log" | |
| format = "json" | |
| mode = "0000" | |
| prefix = "vault" | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "vault_ldap_auth_backend" "default" { | |
| path = "ldap" | |
| url = "ldaps://dc-01.example.org" | |
| userdn = "OU=Users,OU=Accounts,DC=example,DC=org" | |
| userattr = "sAMAccountName" | |
| upndomain = "EXAMPLE.ORG" | |
| discoverdn = false | |
| groupdn = "OU=Groups,DC=example,DC=org" | |
| groupfilter = "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))" | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| locals { | |
| namespace = format( | |
| "{{identity.entity.aliases.%s.metadata.service_account_namespace}}", | |
| vault_auth_backend.default.accessor | |
| ) | |
| } | |
| data "kubernetes_service_account_v1" "default" { | |
| metadata { | |
| name = "vault-auth" |
devops-adeel
/ aad_oidc_grp.tf
Last active
October 11, 2023 15:30
Terraform snippet to setup AzureAD Auth Method.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| locals { | |
| aad_group = var.aad_group | |
| application = var.application_name | |
| mount_accessor = var.mount_accessor | |
| } | |
| data "azuread_group" "default" { | |
| display_name = local.aad_group | |
| } |
devops-adeel
/ github_actions_snippet.yaml
Last active
April 20, 2022 17:51
Github Actions OIDC Auth Method For Vault.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| jobs: | |
| build: | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Retrieve secret from Vault | |
| uses: hashicorp/vault-action@v2.4.0 | |
| with: | |
| url: https://vault-cluster-private-url.aws.hashicorp.cloud:8200 |
devops-adeel
/ aws_kms_auto_unseal.tf
Last active
April 20, 2022 18:00
Minimal AWS IAM permissions on S3 for raft auto-snapshot
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| data "aws_kms_key" "auto_unseal" { | |
| key_id = "alias/my-key" | |
| } | |
| data "aws_iam_policy_document" "auto_unseal" { | |
| version = "2012-10-17" | |
| statement { | |
| effect = "Allow" | |
| actions = [ | |
| "kms:DescribeKey", |
OlderNewer