🙊
I'm really good at keeping secrets.

Joe Garcia infamousjoeg

infamousjoeg / event.json
Last active December 20, 2023 17:40
Sample CreateSecret CloudWatch Event
{
  "version": "0",
  "id": "4725d455-933f-495b-56d9-5ab003cd633f",
  "detail-type": "AWS API Call via CloudTrail",
  "source": "aws.secretsmanager",
  "account": "123456789012",
  "time": "2023-12-20T14:39:19Z",
  "region": "us-east-1",
  "resources": [],
  "detail": {
infamousjoeg / main.tf
Last active October 23, 2023 14:11
Sample Terraform Manifest for cyberark/conjur
variable "conjur_appliance_url" {}
variable "conjur_login" {}
variable "conjur_api_key" {}

provider "conjur" {
  appliance_url = var.conjur_appliance_url
  account       = "conjur"
  login         = var.conjur_login
  api_key       = var.conjur_api_key
}
infamousjoeg / conjur_credtype_injector.yml
Last active October 17, 2023 15:21
Ansible Playbook using cyberark.conjur.conjur_variable to retrieve secrets from CyberArk Conjur
extra_vars:
  CONJUR_ACCOUNT: '{{ conjur_account }}'
  CONJUR_APPLIANCE_URL: '{{ conjur_appliance_url }}'
  CONJUR_AUTHN_LOGIN: '{{ conjur_authn_login }}'
  CONJUR_AUTHN_API_KEY: '{{ conjur_authn_api_key }}'
infamousjoeg / app_registration.md
Last active October 13, 2023 19:51
AzureAD Application Registration Script Explanation for CyberArk Secrets Hub

This script is written in PowerShell and is used for managing Azure resources. It's designed to automate the process of creating an application registration in Azure Active Directory, granting it permissions to a Key Vault in Azure, and handling various checks and error scenarios along the way. Here's a breakdown:

  1. Setting up Parameters and Preferences:

    • It starts by defining mandatory parameters that need to be passed when the script is called: $AppClientDisplayName, $KeyVaultName, and $ResourceGroupName.
    • $ErrorActionPreference = "Stop": This line sets the preference for how to handle errors in the script. "Stop" means that the script will stop executing as soon as there's an error.
  2. Checking Resource Group Existence:

    • The script checks if the specified Azure Resource Group exists. If it doesn't, the script throws an error and stops execution.
  3. Checking for Existing Application and Key Vault:

infamousjoeg / main.py
Created October 3, 2023 16:29
OSUser authentication from ADBridged Linux host to CyberArk CCP
import requests
from requests_negotiate import HTTPNegotiateAuth
import urllib3
import urllib.parse
import os
import re
import subprocess
urllib3.disable_warnings()
infamousjoeg / delete_gitlab_projects.sh
Created September 29, 2023 16:38
GitLab Delete Projects with Last Activity Before Specific Date
#!/bin/bash
# Set your personal access token here
personalAccessToken="<personal-access-token>"
# Get the list of project IDs for owned projects with last activity before 2020-01-01
project_ids=$(curl --header "PRIVATE-TOKEN: $personalAccessToken" "https://gitlab.com/api/v4/projects?simple=true&per_page=100&owned=true&last_activity_before=2020-01-01T00:00:00Z" | jq -r '.[] | select(.last_activity_at < "2020-01-01T00:00:00Z") | .id')
# Loop through each project ID and delete the project
for project_id in $project_ids; do
infamousjoeg / exportData.ps1
Last active October 17, 2023 13:13
Export Safe, Safe Members, and Accounts from CyberArk Self-Hosted PAM using psPAS & PowerShell
# Check if the psPAS module is already installed
if (-not (Get-Module -ListAvailable -Name psPAS)) {
    # If not, install the module
    Install-Module -Name psPAS -Repository PSGallery -Force -Scope CurrentUser
    # Check if the module was successfully installed before importing
    if (-not (Get-Module -ListAvailable -Name psPAS)) {
        Write-Output "ERROR: Failed to install the psPAS module. Please install manually from https://pspas.pspete.dev/docs/install."
        return
    }
infamousjoeg / CyberArk_UpdatePort.ps1
Created September 7, 2023 16:29
Search CyberArk for Port Number and Update to New Port Number in PowerShell
# Global Variables
$baseUrl = "https://cyberark.joegarcia.dev" # CHANGE ME
$authType = "ldap" # CHANGE ME
$portToSearchFor = 3306 # CHANGE ME
$newPortValue = 3307 # CHANGE ME
# Logon Variables
$credentials = Get-Credential
$logonRequestUri = "${baseUrl}/PasswordVault/api/auth/${authType}/logon"
$logoffRequestUri = "${baseUrl}/PasswordVault/api/auth/logoff"
infamousjoeg / AIMCCPClientCert.ps1
Last active January 24, 2024 17:51
CCP GetPassword in PowerShell with Client Certificate
# Set request variables
$baseURL = "https://cyberark.joegarcia.dev"
$appID = "Ansible"
$safe = "D-Win-SvcAccts"
$object = "Operating System-WinDomain-joegarcia.dev-Svc_SSIS"
# Define the certificate thumbprint
$thumbprint = "INSERT_CERTIFICATE_THUMBPRINT_HERE"
# Retrieve the certificate from Current User's Personal certificate store
infamousjoeg / Get-SignedHeaders.ps1
Last active May 15, 2023 16:18
PowerShell AWS STS Signed Headers w/ Conjur's authn-iam
# Please note that this script uses a C# helper class for HMAC-SHA256 calculations.
# This is because PowerShell does not natively support this kind of operation.
# Also, this script assumes that you are calling Get-SignedHeaders with the proper
# parameters to generate your signed headers.
# Create a C# class for HMACSHA256 Helper which is used to compute HMACSHA256 hash
Add-Type -TypeDefinition @"
using System;
using System.Text;
using System.Security.Cryptography;