Brian Burnett hikerspath
@hikerspath
hikerspath / Article-BasicSharedKeyEncryption.md
Last active February 10, 2024 14:16
Probably one of the more difficult experiences I've encountered with Terraform has been that of secrets management: sensitive data is a first-class citizen, yet actually performing said encryption is left to a third-party service, and all of these refuse to acknowledge the shared credential... till now.

Article: Basic Shared Key Encryption (For Terraform)

Probably one of the more difficult experiences I've encountered with Terraform has been that of secrets management: sensitive data is a first-class citizen, yet actually performing said encryption is left to a third-party service, and most of the third-party services one would use don't allow for one particular type of handling. The shared credential has long been the bastard of passwords, because it is typically only used when performing integration work on a request basis. Well, turns out Terraform has you covered there also!

The Function

rsadecrypt is a Terraform function that decrypts an RSA-encrypted ciphertext, returning the cleartext.

rsadecrypt(ciphertext, privatekey)
@hikerspath
hikerspath / __recipes-drone.io.md
Last active January 11, 2022 15:06
Recipes (drone.io)

The gist of this is code snippets for drone build pipelines. Nothing uber-secret here and most (if not all) of these are publicly available images. If you've never built anything with drone, check out drone.io now; if this is not your first rodeo, enjoy the code.

@hikerspath
hikerspath / Integromat - Slack to OpsGenie.md
Last active October 7, 2019 15:46
So the goal here is to be able to create a toolset that will be re-usable based on the reporting webhook from slack and split-processing it both into an OpsGenie Page for those that would like to have advanced notification and into a specially format

1. Create Automation Scenario

This step will create the automation pipeline in order of operation.

1.1. Webhook Trigger (In Integromat)

In Integromat, create a new scenario and add a webhook trigger:

  1. After creating a scenario, click on the ? bubble to define the triggering action.
  2. Add a 'Custom webhook' trigger as the first step in the automation pipeline. This will be an INSTANT trigger that will execute whenever Integromat receives data.
  3. Configure a new inbound webhook called Slack - Outgoing Webhook so you will know what will be sending data inbound.
  4. Set 'Max number of results' to 3
  5. Copy the actual hook address (EX: https://hook.integromat.com/____hash____) as you will need it in the next step.
@hikerspath
hikerspath / OpsGenie - Copy Templated Integration to Teams.sh
Created May 8, 2019 19:10
Because, sometimes you just need to copy something... to a bunch of places... and you DON'T want to create all the rules again... ever...
# Get Actions Template (For API)
curl -sXGET -H "Authorization: GenieKey $API_OPSGENIE" https://api.opsgenie.com/v2/integrations/__INTEGRATION_ID_TO_COPY__/actions | jq -c '.data | del(._parent)' >integrationActions.json
# Loop ALL Teams
for team in alpha bravo charlie delta epsilon; do
# Create API
jsonCreate=$(curl -sXPOST -H "Authorization: GenieKey $API_OPSGENIE" -H 'Content-Type: application/json' https://api.opsgenie.com/v2/integrations \
-d "{
\"enabled\": true,
@hikerspath
hikerspath / Automator - Jira Bug Templates.txt
Created April 19, 2019 18:25
So here you would create 2 separate "Services" using the "Run AppleScript" builder in Automator. Call them what you want, only I would suggest labeling them so that you are able to make a distinction when it comes to setting up keyboard shortcuts. By
on run {input, parameters}
  set dateString to do shell script "date +'%Y-%m-%d'"
  tell application "System Events"
    keystroke "{panel:title=Observed Behaviour}"
    key code 36
    keystroke "__observed_behaviour__"
    key code 36
    key code 36
    keystroke "{panel}"
    key code 36
    key code 36
    keystroke "{panel:title=Steps to Reproduce}"
    key code 36
    keystroke "- __steps__"
    key code 36
    key code 36
    keystroke "{panel}"
    key code 36
    key code 36
    keystroke "{panel:title=Expected Behaviour}"
    key code 36
    keystroke "__expected_behaviour__"
    key code 36
    key code 36
    keystroke "{panel}"
    key code 36
    key code 36
    keystroke "{panel:title=Reports}"
    key code 36
    keystroke "||Date||Team||Team Member||Details"
    key code 36
    keystroke "|" & dateString & "|__team__|__reporter_name__|__details__"
    key code 36
    key code 36
    keystroke "{panel}"
    key code 36
    key code 36
    keystroke "{panel:title=Notes}"
    key code 36
    keyst
@hikerspath
hikerspath / Terraform - KMS Secrets.tf
Last active May 22, 2019 19:38
Encryption and decryption using KMS can occasionally be a chore, but it does allow easy. It can be used in Terraform as follows: `"${data.aws_kms_secrets.service.plaintext["rds_password"]}"`
//
// KMS: Password used for RDS Database Setup (ID: alias/infrastructure)
// aws kms list-aliases
// aws kms encrypt --key-id __KEY__ --plaintext '__PASSWORD__' --output text --query CiphertextBlob
// aws kms decrypt --ciphertext-blob fileb:///path/to/file.blob --output text --query Plaintext | base64 -D
//
data "aws_kms_secrets" "service" {
secret {
name = "rds_password"
payload = "___REDACTED_BASE64_BLOB___"
@hikerspath
hikerspath / Kubernetes - Running Test Containers.md
Last active January 10, 2022 16:58
So you have a kubernetes cluster and an RDS database, but you also have a laptop that would be SUPER helpful if you could figure out how to get into the RDS instance that has IP restrictions enabled to prevent access from anywhere while you are on yo

First, let's understand how the command is constructed

$ kubectl run -it --rm --restart=Never --image=mysql:5.6 mysql-client -- \
  mysql -h mwmobile.db.main.staging.mobile.meltwater.io -P 3306 -u root -p$PASSWORD
$ kubectl run -it --rm --restart=Never --image=meltwaterfoundation/drone-git bash -- \
  bash
#    ^     ^   ^^   ^           ^             ^                               ^
#    |     |   ||   |           |             |                            Pod Name
#    |     |   ||   |           |             +--------------------------- Image
@hikerspath
hikerspath / Terraform - ACM With DNS Validation.tf
Last active April 17, 2019 15:37
So here we have the goal of creating a cert in terraform that will allow us to also automagically do the DNS validation for the same. ONLY caveat for this is if you are using Cloudfront you would have to do this in us-east-1. Idea for this then wou
# ------------------------------------------------------------
# Discover Zone Information for DNS Domain
# ------------------------------------------------------------
data "aws_route53_zone" "public" {
name = "${var.app_dns_domain}"
}
# ------------------------------------------------------------
# ACM Certificate Creation
# ------------------------------------------------------------
@hikerspath
hikerspath / Integromat - Slack to OpsGenie and Jira.md
Last active April 26, 2019 19:29
So the goal here is to be able to create a toolset that will be re-usable based on the reporting webhook from slack and split-processing it both into an OpsGenie Page for those that would like to have advanced notification and into a specially format

1. Create Automation Scenario

This step will create the automation pipeline in order of operation.

1.1. Webhook Trigger (In Integromat)

In Integromat, create a new scenario and add a webhook trigger:

  1. After creating a scenario, click on the ? bubble to define the triggering action.
  2. Add a 'Custom webhook' trigger as the first step in the automation pipeline. This will be an INSTANT trigger that will execute whenever Integromat receives data.
  3. Configure a new inbound webhook called Slack - Outgoing Webhook so you will know what will be sending data inbound.
  4. Set 'Max number of results' to 3
  5. Copy the actual hook address (EX: https://hook.integromat.com/____hash____) as you will need it in the next step.
@hikerspath
hikerspath / K8S ConfigMap File vs Dir
Last active April 8, 2019 20:32
So say you need to allow your container to write to the very directory you also need to place a file using configmaps in Kubernetes... NO PROBLEM! First, you create your configmap from the file desired, then reference it in your configurations:
$ kubectl create configmap app-license --from-file=/tmp/license.jwt