Skip to content

Instantly share code, notes, and snippets.

View infamousjoeg's full-sized avatar
🙊
I'm really good at keeping secrets.

Joe Garcia infamousjoeg

🙊
I'm really good at keeping secrets.
View GitHub Profile
@infamousjoeg
infamousjoeg / GitHubOIDC-CyberArkConjur.md
Created August 15, 2024 13:07
Utilizing GitHub OIDC as an Authentication Method through CyberArk Conjur’s authn-jwt

Utilizing GitHub OIDC as an Authentication Method through CyberArk Conjur’s authn-jwt

Overview: This documentation demonstrates how to use GitHub's OpenID Connect (OIDC) as an authentication method in Conjur Cloud & Self-Hosted Enterprise using the authn-jwt authenticator. The process involves configuring the JWT authenticator, mapping claims from the GitHub OIDC token to annotations in Conjur Cloud, and finally authenticating a workload.


Step 1: Configure GitHub OIDC with JWT Authenticator

  1. Plan the Configuration:
@infamousjoeg
infamousjoeg / authn-iam-ec2.ps1
Created July 9, 2024 19:47
authn-iam PowerShell Example on EC2
# Import the AWS module
Import-Module AWSPowerShell.NetCore
# Define the region
$region = "YOUR_AWS_REGION"
# Function to get temporary security credentials from EC2 instance's IAM role
function Get-TemporaryCredentials {
param (
[string]$region
@infamousjoeg
infamousjoeg / QRadar_WinCollect_APPAudit.md
Created June 6, 2024 12:45
Setup WinCollect agent for QRadar SIEM to consume APPAudit.log for CP, CCP & ASCP

To send data from a flat-file log on a server to QRadar, you need to set up a log source in QRadar to collect and process the logs. Here’s a step-by-step guide to accomplish this:

1. Install WinCollect on the Server

WinCollect is a Windows-based agent provided by IBM for QRadar to collect logs. Here are the steps to install and configure it:

  • Download and Install WinCollect: Download the WinCollect agent from IBM's website and install it on your server.
  • Configure the WinCollect Agent: During installation, configure the agent to point to your QRadar instance.

2. Configure WinCollect to Monitor the Log File

@infamousjoeg
infamousjoeg / customtfprovider.md
Created May 15, 2024 14:48
How to use a custom Terraform provider that was built from source

To use a custom version of the cyberark/conjur provider in Terraform, you would follow a similar procedure to what was previously described but tailored specifically for this provider. Here are the detailed steps to set up the cyberark/conjur provider that has been compiled from source:

  1. Compile the Provider: Start by ensuring you have the source code for the CyberArk Conjur provider. You can typically find this on GitHub under the CyberArk organization. After obtaining the code, compile it using Go. Navigate to the directory containing the provider's source code and run:

    go build
    

    This command compiles the provider into an executable binary.

  2. Create the Directory Structure: You need to place the compiled provider binary in a specific directory structure that Terraform recognizes. The path should be structured as follows:

@infamousjoeg
infamousjoeg / CreateTestUsers.ps1
Created April 25, 2024 16:18
PowerShell script that creates test users for CyberArk Identity Security Platform SaaS
# Import PowerShell module psPAS, if it doesn't exist, install it
Import-Module psPAS -ErrorAction SilentlyContinue
if ($LASTEXITCODE -ne 0) {
Install-Module psPAS -Force
Import-Module psPAS
}
# Import PowerShell module IdentityCommand, if it doesn't exist, install it
Import-Module IdentityCommand -ErrorAction SilentlyContinue
if ($LASTEXITCODE -ne 0) {
@infamousjoeg
infamousjoeg / clusterrolebinding-admin.yaml
Created April 24, 2024 19:23
ClusterRoleBinding admin to ClusterRole system:service-account-issuer-discovery
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-service-account-issuer-discovery
subjects:
- kind: User
name: admin@example.com # Replace this with your actual admin username
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
@infamousjoeg
infamousjoeg / ClientCertCCP.ps1
Created April 11, 2024 15:25
Client Certificate Authentication with Central Credential Provider (CCP) in PowerShell
## USER VARIABLES
#################
# Specify the path to your .pfx file and its password
$pfxPath = "/Users/joe.garcia/OneDrive - CyberArk Ltd/Software/Certificates/ccp_clientcert_bundle.pfx"
# Define the URI for the CCP API
$uri = "https://cyberark.joegarcia.dev/AIMWebService/api/Accounts"
$appId = "Test"
$safe = "TestSafe"
@infamousjoeg
infamousjoeg / connect_networkdevice.yaml
Created April 10, 2024 16:39
Ansible Automation Platform with CCP for Dynamic Secrets to Network Device
- hosts: all
gather_facts: no
tasks:
- block:
- name: Retrieve Password from CyberArk
cyberark.pas.cyberark_credential:
api_base_url: "{{ ccp_base_url }}"
app_id: "{{ ccp_app_id }}"
@infamousjoeg
infamousjoeg / DiscoverAuthn.sh
Created April 9, 2024 15:24
CyberArk Identity Security Platform - Bash Examples
#!/bin/bash
vibe_check() {
# Check if jq is installed
if ! command -v jq &> /dev/null; then
echo "jq is not installed"
exit 1
fi
# Check if curl is installed
@infamousjoeg
infamousjoeg / event.json
Last active December 20, 2023 17:40
Sample CreateSecret CloudWatch Event
{
"version": "0",
"id": "4725d455-933f-495b-56d9-5ab003cd633f",
"detail-type": "AWS API Call via CloudTrail",
"source": "aws.secretsmanager",
"account": "123456789012",
"time": "2023-12-20T14:39:19Z",
"region": "us-east-1",
"resources": [],
"detail": {