I'm really good at keeping secrets.

Joe Garcia infamousjoeg

infamousjoeg /
Last active October 23, 2023 14:11
Sample Terraform Manifest for cyberark/conjur
variable "conjur_appliance_url" {}
variable "conjur_login" {}
variable "conjur_api_key" {}
provider "conjur" {
  appliance_url = var.conjur_appliance_url
  account       = "conjur"
  login         = var.conjur_login
  api_key       = var.conjur_api_key
}
infamousjoeg / conjur_credtype_injector.yml
Last active October 17, 2023 15:21
Ansible Playbook using cyberark.conjur.conjur_variable to retrieve secrets from CyberArk Conjur
CONJUR_ACCOUNT: '{{ conjur_account }}'
CONJUR_APPLIANCE_URL: '{{ conjur_appliance_url }}'
CONJUR_AUTHN_LOGIN: '{{ conjur_authn_login }}'
CONJUR_AUTHN_API_KEY: '{{ conjur_authn_api_key }}'
infamousjoeg /
Last active October 13, 2023 19:51
AzureAD Application Registration Script Explanation for CyberArk Secrets Hub

This script is written in PowerShell and is used for managing Azure resources. It's designed to automate the process of creating an application registration in Azure Active Directory, granting it permissions to a Key Vault in Azure, and handling various checks and error scenarios along the way. Here's a breakdown:

  1. Setting up Parameters and Preferences:

    • It starts by defining mandatory parameters that need to be passed when the script is called: $AppClientDisplayName, $KeyVaultName, and $ResourceGroupName.
    • $ErrorActionPreference = "Stop": This line sets the preference for how to handle errors in the script. "Stop" means that the script will stop executing as soon as there's an error.
  2. Checking Resource Group Existence:

    • The script checks if the specified Azure Resource Group exists. If it doesn't, the script throws an error and stops execution.
  3. Checking for Existing Application and Key Vault:

infamousjoeg /
Created October 3, 2023 16:29
OSUser authentication from ADBridged Linux host to CyberArk CCP
import requests
from requests_negotiate import HTTPNegotiateAuth
import urllib3
import urllib.parse
import os
import re
import subprocess
infamousjoeg /
Created September 29, 2023 16:38
GitLab Delete Projects with Last Activity Before Specific Date
# Set your personal access token here
# Get the list of project IDs for owned projects with last activity before 2020-01-01
project_ids=$(curl --header "PRIVATE-TOKEN: $personalAccessToken" "" | jq -r '.[] | select(.last_activity_at < "2020-01-01T00:00:00Z") | .id')
# Loop through each project ID and delete the project
for project_id in $project_ids; do
infamousjoeg / exportData.ps1
Last active October 17, 2023 13:13
Export Safe, Safe Members, and Accounts from CyberArk Self-Hosted PAM using psPAS & PowerShell
# Check if the psPAS module is already installed
if (-not (Get-Module -ListAvailable -Name psPAS)) {
    # If not, install the module
    Install-Module -Name psPAS -Repository PSGallery -Force -Scope CurrentUser
    # Check if the module was successfully installed before importing
    if (-not (Get-Module -ListAvailable -Name psPAS)) {
        Write-Output "ERROR: Failed to install the psPAS module. Please install manually from"
infamousjoeg / CyberArk_UpdatePort.ps1
Created September 7, 2023 16:29
Search CyberArk for Port Number and Update to New Port Number in PowerShell
# Global Variables
$baseUrl = "" # CHANGE ME
$authType = "ldap" # CHANGE ME
$portToSearchFor = 3306 # CHANGE ME
$newPortValue = 3307 # CHANGE ME
# Logon Variables
$credentials = Get-Credential
$logonRequestUri = "${baseUrl}/PasswordVault/api/auth/${authType}/logon"
$logoffRequestUri = "${baseUrl}/PasswordVault/api/auth/logoff"
infamousjoeg / AIMCCPClientCert.ps1
Last active September 6, 2023 15:58
CCP GetPassword in PowerShell with Client Certificate
# Set request variables
$baseURL = ""
$appID = "Ansible"
$safe = "D-Win-SvcAccts"
$object = "Operating"
# Define the certificate thumbprint
# Retrieve the certificate from Current User's Personal certificate store
infamousjoeg / Get-SignedHeaders.ps1
Last active May 15, 2023 16:18
PowerShell AWS STS Signed Headers w/ Conjur's authn-iam
# Please note that this script uses a C# helper class for HMAC-SHA256 calculations.
# This is because PowerShell does not natively support this kind of operation.
# Also, this script assumes that you are calling Get-SignedHeaders with the proper
# parameters to generate your signed headers.
# Create a C# class for HMACSHA256 Helper which is used to compute HMACSHA256 hash
Add-Type -TypeDefinition @"
using System;
using System.Text;
using System.Security.Cryptography;
infamousjoeg / conjur-cloud_ca-chain.pem
Created May 11, 2023 14:53
Conjur Cloud's Public CA Certificate Chain