Brian Green greenbrian

@greenbrian
greenbrian / snapshot.md
Created December 6, 2019 04:15
Consul Snapshot restore Vault cluster

Take a consul snapshot:

consul snapshot save backup.snap

Verify consul snapshot:

consul snapshot inspect backup.snap

Stop Consul

systemctl stop consul.service

Stop Vault

@greenbrian
greenbrian / keybase.md
Created June 27, 2019 05:17
keybase.md

Keybase proof

I hereby claim:

  • I am greenbrian on github.
  • I am greenbrian (https://keybase.io/greenbrian) on keybase.
  • I have a public key ASDl2gMhvJmCjOwTsNKisOwCfyShHs3M3sBo8rvM3_kcGgo

To claim this, I am signing this object:

@greenbrian
greenbrian / vault_demo.sh
Created June 23, 2019 20:06
Quick Vault demo usage
#!/bin/bash
## The following command starts Vault in development mode
## specifying a root token value of 'root'
##
# VAULT_UI=true vault server -dev -dev-root-token-id="root"
## Login with root token
## Good for demo mode, should only be used on production cluster
## during initial configuration
@greenbrian
greenbrian / approle.sh
Created April 5, 2019 13:25
Vault CLI testing AppRole
#!/bin/bash
# start vault
VAULT_UI=true vault server -dev -dev-root-token-id=root -dev-listen-address=127.0.0.1:8200
# login as root - DO NOT DO THIS IN PRODUCTION
vault login root
# write some secrets
vault kv put secret/test color=blue number=eleventeen
@greenbrian
greenbrian / nomad-vault.sh
Created November 10, 2018 21:02
Nomad + Vault agent
#!/usr/bin/env bash
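if [ -f /mnt/ramdisk/token ]; then
  # Unwrap the response-wrapped token stored on the ramdisk and pass it to Nomad.
  # Note: -vault-tls-skip-verify=true disables verification of Vault's TLS certificate.
  exec env VAULT_TOKEN="$(vault unwrap -field=token "$(jq -r '.token' /mnt/ramdisk/token)")" \
    /usr/local/bin/nomad agent \
    -config=/etc/nomad.d \
    -vault-tls-skip-verify=true
else
  echo "Nomad service failed due to missing Vault token"
  exit 1
fi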
@greenbrian
greenbrian / vault-token-role-via-api.sh
Last active January 23, 2024 15:10
HashiCorp Vault Token Role overview
# start vault in dev mode
VAULT_UI=true vault server -dev -dev-root-token-id="password"
# write some secrets for our example usage
curl --request POST \
--silent \
--header "X-Vault-Token: password" \
--header "Content-Type: application/json" \
--data '{ "options": { "cas": 0 }, "data": { "username": "administrator", "password": "hunter2" } }' \
http://127.0.0.1:8200/v1/secret/data/dev | jq '.'
@greenbrian
greenbrian / HashiCorp Vault - methods of writing ACL policies
Last active June 13, 2024 13:35
HashiCorp Vault - methods of writing ACL policies
There are many methods for writing Vault policies.
This gist was created to collect the most common methods
such that they can be easily used as references for syntax,
as well as evaluation for which method suits a particular purpose.
TODO:
- Add complex policy examples
- Add @json.file examples
@greenbrian
greenbrian / ansible role parameters.yml
Created August 15, 2016 15:27
ansible role notes
---
- hosts: all
  roles:
    - role: foo
      param1: '{{ foo }}'
      param2: '{{ some_var1 + "/" + some_var2 }}'
      when: ansible_os_family == 'RedHat'
@greenbrian
greenbrian / check if first node in group.yaml
Last active August 15, 2016 20:32
ansible conditional notes
---
- name: do stuff only if first member in a group
  command: echo "hello"
  when: groups.some_group[0] == inventory_hostname
@greenbrian
greenbrian / 0_reuse_code.js
Created August 12, 2016 22:33
Here are some things you can do with Gists in GistBox.
// Use Gists to store code you would like to remember later on
console.log(window); // log the "window" object to the console