Brian Green greenbrian

greenbrian / vault_demo.sh
Created Jun 23, 2019
Quick Vault demo usage
#!/bin/bash
## The following command starts Vault in development mode
## specifying a root token value of 'root'
##
# VAULT_UI=true vault server -dev -dev-root-token-id="root"
## Login with root token
## Good for demo mode, should only be used on production cluster
## during initial configuration
greenbrian / approle.sh
Created Apr 5, 2019
Vault CLI testing AppRole
#!/bin/bash
# start vault
VAULT_UI=true vault server -dev -dev-root-token-id=root -dev-listen-address=127.0.0.1:8200
# login as root - DO NOT DO THIS IN PRODUCTION
vault login root
# write some secrets
vault kv put secret/test color=blue number=eleventeen
greenbrian / nomad-vault.sh
Created Nov 10, 2018
Nomad + Vault agent
#!/usr/bin/env bash
if [ -f /mnt/ramdisk/token ]; then
  exec env VAULT_TOKEN=$(vault unwrap -field=token $(jq -r '.token' /mnt/ramdisk/token)) \
    /usr/local/bin/nomad agent \
    -config=/etc/nomad.d \
    -vault-tls-skip-verify=true
else
  echo "Nomad service failed due to missing Vault token"
  exit 1
fi
greenbrian / vault-token-role-via-api.sh
Last active Mar 5, 2019
HashiCorp Vault Token Role overview
# start vault in dev mode
VAULT_UI=true vault server -dev -dev-root-token-id="password"
# write some secrets for our example usage
curl --request POST \
  --silent \
  --header "X-Vault-Token: password" \
  --header "Content-Type: application/json" \
  --data '{ "options": { "cas": 0 }, "data": { "username": "administrator", "password": "hunter2" } }' \
  http://127.0.0.1:8200/v1/secret/data/dev | jq '.'
greenbrian / HashiCorp Vault - methods of writing ACL policies
Last active Feb 1, 2019
HashiCorp Vault - methods of writing ACL policies
There are many methods for writing Vault policies.
This gist was created to collect the most common methods
such that they can be easily used as references for syntax,
as well as evaluation for which method suits a particular purpose.
TODO:
- Add complex policy examples
- Add @json.file examples
View ansible role parameters.yml
---
- hosts: all
  roles:
    - role: foo
      param1: '{{ foo }}'
      param2: '{{ some_var1 + "/" + some_var2 }}'
      when: ansible_os_family == 'RedHat'
View check if first node in group.yaml
---
- name: do stuff only if first member in a group
  command: echo "hello"
  when: groups.some_group[0] == inventory_hostname
greenbrian / 0_reuse_code.js
Created Aug 12, 2016
Here are some things you can do with Gists in GistBox.
// Use Gists to store code you would like to remember later on
console.log(window); // log the "window" object to the console
greenbrian / Ansible - use of template and with_nested
Last active Nov 3, 2016
Ansible template usage and with_nested
#roles/myapp/tasks/main.yml
---
- name: manage config files
  template: src={{ item[0].src }} dest=/etc/{{ item[1] }}/{{ item[0].dest }}
  with_nested:
    - config_files
    - app_instance