I hereby claim:
- I am heavypackets on github.
- I am heavypackets (https://keybase.io/heavypackets) on keybase.
- I have a public key ASCyq-ZD7Wq9UammrMvh8yEqTOvCk9Rcuf2LVBbFu7cxdwo
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
static ref unsuccessful_login_counter: Counter = { | |
match register_counter!(opts!( | |
"simple_secrets_login_failure_total", | |
"Total number of failed logins in this instance lifetime.")) { | |
Ok(val) => val, | |
Err(e) => telemetry_config_failed_panic(&e) | |
} | |
}; | |
static ref secrets_fetch_counter: Counter = { | |
match register_counter!(opts!( |
fn main() { | |
... | |
let mut metrics_router = Router::new(); | |
metrics_router.get("/metrics", metrics, "get_metrics"); | |
let _metrics = Iron::new(metrics_router).http("127.0.0.1:3001"); | |
audit_event( | |
ServerEvents::Start, | |
&format!("New instance of secret-server started: {}", *SPIFFE_ID), | |
); |
- name: simple-secrets-metrics | |
address: | |
socket_address: { address: 0.0.0.0, port_value: 10000 } | |
... | |
tls_context: | |
common_tls_context: | |
tls_params: | |
ecdh_curves: "X25519:P-256:P-521:P-384" | |
tls_certificates: | |
certificate_chain: { "filename": "/certs/svid.pem" } |
// Check password | |
if !verify_password(&user_info) { | |
audit_event( | |
ServerEvents::LoginFailureInvalidPassword, | |
&format!( | |
"Login failure for user {} due to invalid password", | |
user_info.username | |
), | |
); | |
unsuccessful_login_counter.inc(); |
static_resources: | |
listeners: | |
- name: fluentd | |
address: | |
socket_address: { address: 127.0.0.1, port_value: 24224 } | |
filter_chains: | |
- filters: | |
- name: envoy.tcp_proxy | |
config: | |
stat_prefix: ingress_tcp |
static_resources: | |
listeners: | |
- name: fluentd | |
address: | |
socket_address: { address: 0.0.0.0, port_value: 24224 } | |
filter_chains: | |
- filters: | |
- name: envoy.tcp_proxy | |
config: | |
stat_prefix: ingress_tcp |
#!/bin/bash | |
# PLEASE DON'T DO THIS | |
set -x | |
for addr in $(nmap -n -sL 192.168.1.0/24 | grep "Nmap scan report" | awk '{print $NF}') | |
do | |
curl -G --connect-timeout 1 http://${addr}/metrics > ${addr} | |
done |
static_resources: | |
listeners: | |
- name: listener_0 | |
address: | |
socket_address: { address: 0.0.0.0, port_value: 10000 } | |
... | |
clusters: | |
- name: secrets-metrics | |
... | |
tls_context: |
--- | |
apiVersion: apps/v1 | |
kind: StatefulSet | |
metadata: | |
name: spire-server | |
namespace: spire | |
labels: | |
app: spire-server | |
spec: | |
selector: |