- Do you use config files for your app, or do you have a distributed solution? (etcd, serf, etc)

  If config files:
  - How do you set them up to work in multiple environments?
  - How are they different for developer machines?
For the saltstack tutorial, just install the [latest vagrant](https://docs.vagrantup.com/v2/getting-started/index.html) and use the below Vagrantfile to build a new vagrant box:

`Vagrantfile`

```
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure(2) do |config|
  config.vm.box = "ubuntu/trusty64"
  config.vm.provision "shell", inline: <<-SHELL
```
```
#!/bin/bash
# Creates a host identity using host-factory and places it in /etc/conjur.identity
# Requires the Conjur CLI and host-factory plugin to be installed
# Usage:
# ./hostfactory_bootstrap.sh 92198eb129peh812ue9puihd891 mynewhost1
hostfactory_token=$1
host_name=$2
```
```
# First, let's define some secrets we want to pass to Chef
cat << SECRETS > /etc/chef.secrets
DB_PASSWORD: !var db/postgres/customers/password # exports value as env var
SSL_CERT: !tmp certs/ssl/mydomain # creates temporary file and exports path as env var
SECRETS
# In our recipe we can use ENV['DB_PASSWORD'] and ENV['SSL_CERT'] where secrets are needed
# We have the Conjur CLI on the machine, so we can use conjur env
```
```
policy "demo-factory-1-0" do
  variables = [
    variable("aws/access_key_id"),
    variable("aws/secret_access_key"),
    variable("sentry/projects/demo-factory/dsn"),
    variable("hipchat/api-token"),
    variable("trials/hubspot/api-key"),
    variable("mandrill/api-key"),
    variable("keen.io/demo-factory/project-id"),
    variable("keen.io/demo-factory/write-key")
```
```
# Applying a Conjur identity to a Heroku app via config vars
# Name of your conjur organization
heroku config:set CONJUR_ACCOUNT=myorg
# Endpoint of your Conjur server
heroku config:set CONJUR_APPLIANCE_URL=https://conjur-master.myorg.com/api
# Name of the host you created to represent the Heroku app
heroku config:set CONJUR_AUTHN_LOGIN=host/production/heroku/demo-factory-conjur
# API key of the host you created
heroku config:set CONJUR_AUTHN_API_KEY=sb0ncv1yj9c4w2e9pb1a2s8eh18dgf1gfz3nb31ft33s7nnz1cjw1r7
```
```
AWS_ACCESS_KEY_ID: !var aws/access_key_id
AWS_SECRET_ACCESS_KEY: !var aws/secret_access_key
SENTRY_DSN: !var sentry/projects/demo-factory/dsn
HIPCHAT_TOKEN: !var hipchat/api-token
HUBSPOT_API_KEY: !var trials/hubspot/api-key
MANDRILL_API_KEY: !var mandrill/api-key
KEEN_PROJECT_ID: !var keen.io/demo-factory/project-id
KEEN_WRITE_KEY: !var keen.io/demo-factory/write-key
```
```
# I have a policy named demo-factory-1-0 defined in policy.rb
# Let's create a development policy
conjur policy load --as-group v4/ops --collection development policy.rb
# The collection flag means our policy is named development/demo-factory-1-0
# Any variables, groups, etc created will have the prefix development/demo-factory-1-0
# Ex: I defined variable aws/access_key_id in policy.rb so its name will be development/demo-factory-1-0/aws/access_key_id
# I can then go and add a value to that variable
# Now we can use the policy flag to conjur env to specify a prefix for the variables when retrieving them
```
```
require 'net/http'
require 'net/https'
require 'uri'
class Conjur::Command::Jenkins < Conjur::Command
  desc 'Interact with Jenkins using Conjur credentials'
  command :jenkins do |jenkins|
    jenkins.desc 'Build a Jenkins job'
    jenkins.arg_name 'job_name'
    jenkins.command 'build' do |c|
```
```
package main
/*
./keychain -name mysecret
Siam589_logy
On run you'll get a popup window asking for access.
*/
import (
```