Skip to content

Instantly share code, notes, and snippets.

View infamousjoeg's full-sized avatar
I'm really good at keeping secrets.

Joe Garcia infamousjoeg

I'm really good at keeping secrets.
View GitHub Profile
infamousjoeg /
Created May 15, 2024 14:48
How to use a custom Terraform provider that was built from source

To use a custom version of the cyberark/conjur provider in Terraform, you would follow a similar procedure to what was previously described but tailored specifically for this provider. Here are the detailed steps to set up the cyberark/conjur provider that has been compiled from source:

  1. Compile the Provider: Start by ensuring you have the source code for the CyberArk Conjur provider. You can typically find this on GitHub under the CyberArk organization. After obtaining the code, compile it using Go. Navigate to the directory containing the provider's source code and run:

    go build

    This command compiles the provider into an executable binary.

  2. Create the Directory Structure: You need to place the compiled provider binary in a specific directory structure that Terraform recognizes. The path should be structured as follows:

infamousjoeg / CreateTestUsers.ps1
Created April 25, 2024 16:18
PowerShell script that creates test users for CyberArk Identity Security Platform SaaS
# Import PowerShell module psPAS, if it doesn't exist, install it
Import-Module psPAS -ErrorAction SilentlyContinue
if ($LASTEXITCODE -ne 0) {
Install-Module psPAS -Force
Import-Module psPAS
# Import PowerShell module IdentityCommand, if it doesn't exist, install it
Import-Module IdentityCommand -ErrorAction SilentlyContinue
if ($LASTEXITCODE -ne 0) {
infamousjoeg / clusterrolebinding-admin.yaml
Created April 24, 2024 19:23
ClusterRoleBinding admin to ClusterRole system:service-account-issuer-discovery
kind: ClusterRoleBinding
name: admin-service-account-issuer-discovery
- kind: User
name: # Replace this with your actual admin username
kind: ClusterRole
infamousjoeg / ClientCertCCP.ps1
Created April 11, 2024 15:25
Client Certificate Authentication with Central Credential Provider (CCP) in PowerShell
# Specify the path to your .pfx file and its password
$pfxPath = "/Users/joe.garcia/OneDrive - CyberArk Ltd/Software/Certificates/ccp_clientcert_bundle.pfx"
# Define the URI for the CCP API
$uri = ""
$appId = "Test"
$safe = "TestSafe"
infamousjoeg / connect_networkdevice.yaml
Created April 10, 2024 16:39
Ansible Automation Platform with CCP for Dynamic Secrets to Network Device
- hosts: all
gather_facts: no
- block:
- name: Retrieve Password from CyberArk
api_base_url: "{{ ccp_base_url }}"
app_id: "{{ ccp_app_id }}"
infamousjoeg /
Created April 9, 2024 15:24
CyberArk Identity Security Platform - Bash Examples
vibe_check() {
# Check if jq is installed
if ! command -v jq &> /dev/null; then
echo "jq is not installed"
exit 1
# Check if curl is installed
infamousjoeg / event.json
Last active December 20, 2023 17:40
Sample CreateSecret CloudWatch Event
"version": "0",
"id": "4725d455-933f-495b-56d9-5ab003cd633f",
"detail-type": "AWS API Call via CloudTrail",
"source": "aws.secretsmanager",
"account": "123456789012",
"time": "2023-12-20T14:39:19Z",
"region": "us-east-1",
"resources": [],
"detail": {
infamousjoeg /
Last active October 23, 2023 14:11
Sample Terraform Manifest for cyberark/conjur
variable "conjur_appliance_url" {}
variable "conjur_login" {}
variable "conjur_api_key" {}
provider "conjur" {
appliance_url = var.conjur_appliance_url
account = "conjur"
login = var.conjur_login
api_key = var.conjur_api_key
infamousjoeg / conjur_credtype_injector.yml
Last active October 17, 2023 15:21
Ansible Playbook using cyberark.conjur.conjur_variable to retrieve secrets from CyberArk Conjur
CONJUR_ACCOUNT: '{{ conjur_account }}'
CONJUR_APPLIANCE_URL: '{{ conjur_appliance_url }}'
CONJUR_AUTHN_LOGIN: '{{ conjur_authn_login }}'
CONJUR_AUTHN_API_KEY: '{{ conjur_authn_api_key }}'
infamousjoeg /
Last active October 13, 2023 19:51
AzureAD Application Registration Script Explanation for CyberArk Secrets Hub

This script is written in PowerShell and is used for managing Azure resources. It's designed to automate the process of creating an application registration in Azure Active Directory, granting it permissions to a Key Vault in Azure, and handling various checks and error scenarios along the way. Here's a breakdown:

  1. Setting up Parameters and Preferences:

    • It starts by defining mandatory parameters that need to be passed when the script is called: $AppClientDisplayName, $KeyVaultName, and $ResourceGroupName.
    • $ErrorActionPreference = "Stop": This line sets the preference for how to handle errors in the script. "Stop" means that the script will stop executing as soon as there's an error.
  2. Checking Resource Group Existence:

    • The script checks if the specified Azure Resource Group exists. If it doesn't, the script throws an error and stops execution.
  3. Checking for Existing Application and Key Vault: