🙊
I'm really good at keeping secrets.

Joe Garcia infamousjoeg

@infamousjoeg
infamousjoeg / conjur_credtype_injector.yml
Last active October 17, 2023 15:21
Ansible Playbook using cyberark.conjur.conjur_variable to retrieve secrets from CyberArk Conjur
extra_vars:
  CONJUR_ACCOUNT: '{{ conjur_account }}'
  CONJUR_APPLIANCE_URL: '{{ conjur_appliance_url }}'
  CONJUR_AUTHN_LOGIN: '{{ conjur_authn_login }}'
  CONJUR_AUTHN_API_KEY: '{{ conjur_authn_api_key }}'
@infamousjoeg
infamousjoeg / exportData.ps1
Last active October 17, 2023 13:13
Export Safe, Safe Members, and Accounts from CyberArk Self-Hosted PAM using psPAS & PowerShell
# Check if the psPAS module is already installed
if (-not (Get-Module -ListAvailable -Name psPAS)) {
    # If not, install the module
    Install-Module -Name psPAS -Repository PSGallery -Force -Scope CurrentUser
    # Check if the module was successfully installed before importing
    if (-not (Get-Module -ListAvailable -Name psPAS)) {
        Write-Output "ERROR: Failed to install the psPAS module. Please install manually from https://pspas.pspete.dev/docs/install."
        return
    }
@infamousjoeg
infamousjoeg / psPAS-OneLiners.ps1
Last active October 17, 2023 13:13
Collection of helpful psPAS one-liners
# Before every one-liner below, remember to import the psPAS module and create a new PAS session (unless you're already logged in). https://github.com/pspete/psPAS
Import-Module psPAS
# You no longer have to consume the session token for later use as of psPAS v3+
New-PASSession -BaseURI https://cyberark.joegarcia.dev -Type ldap -Credential $(Get-Credential)
###########################################
# List Safe Members by Specific Permission
@infamousjoeg
infamousjoeg / app_registration.md
Last active October 13, 2023 19:51
AzureAD Application Registration Script Explanation for CyberArk Secrets Hub

This script is written in PowerShell and is used for managing Azure resources. It's designed to automate the process of creating an application registration in Azure Active Directory, granting it permissions to a Key Vault in Azure, and handling various checks and error scenarios along the way. Here's a breakdown:

  1. Setting up Parameters and Preferences:

    • It starts by defining mandatory parameters that need to be passed when the script is called: $AppClientDisplayName, $KeyVaultName, and $ResourceGroupName.
    • $ErrorActionPreference = "Stop": This line sets the preference for how to handle errors in the script. "Stop" means that the script will stop executing as soon as there's an error.
  2. Checking Resource Group Existence:

    • The script checks if the specified Azure Resource Group exists. If it doesn't, the script throws an error and stops execution.
  3. Checking for Existing Application and Key Vault:

@infamousjoeg
infamousjoeg / main.py
Created October 3, 2023 16:29
OSUser authentication from ADBridged Linux host to CyberArk CCP
import requests
from requests_negotiate import HTTPNegotiateAuth
import urllib3
import urllib.parse
import os
import re
import subprocess
urllib3.disable_warnings()
@infamousjoeg
infamousjoeg / delete_gitlab_projects.sh
Created September 29, 2023 16:38
GitLab Delete Projects with Last Activity Before Specific Date
#!/bin/bash
# Set your personal access token here
personalAccessToken="<personal-access-token>"
# Get the list of project IDs for owned projects with last activity before 2020-01-01
project_ids=$(curl --header "PRIVATE-TOKEN: $personalAccessToken" "https://gitlab.com/api/v4/projects?simple=true&per_page=100&owned=true&last_activity_before=2020-01-01T00:00:00Z" | jq -r '.[] | select(.last_activity_at < "2020-01-01T00:00:00Z") | .id')
# Loop through each project ID and delete the project
for project_id in $project_ids; do
@infamousjoeg
infamousjoeg / CyberArk_UpdatePort.ps1
Created September 7, 2023 16:29
Search CyberArk for Port Number and Update to New Port Number in PowerShell
# Global Variables
$baseUrl = "https://cyberark.joegarcia.dev" # CHANGE ME
$authType = "ldap" # CHANGE ME
$portToSearchFor = 3306 # CHANGE ME
$newPortValue = 3307 # CHANGE ME
# Logon Variables
$credentials = Get-Credential
$logonRequestUri = "${baseUrl}/PasswordVault/api/auth/${authType}/logon"
$logoffRequestUri = "${baseUrl}/PasswordVault/api/auth/logoff"
@infamousjoeg
infamousjoeg / Get-SignedHeaders.ps1
Last active May 15, 2023 16:18
PowerShell AWS STS Signed Headers w/ Conjur's authn-iam
# Please note that this script uses a C# helper class for HMAC-SHA256 calculations.
# This is because PowerShell does not natively support this kind of operation.
# Also, this script assumes that you are calling Get-SignedHeaders with the proper
# parameters to generate your signed headers.
# Create a C# class for HMACSHA256 Helper which is used to compute HMACSHA256 hash
Add-Type -TypeDefinition @"
using System;
using System.Text;
using System.Security.Cryptography;
@infamousjoeg
infamousjoeg / conjur-cloud_ca-chain.pem
Created May 11, 2023 14:53
Conjur Cloud's Public CA Certificate Chain
-----BEGIN CERTIFICATE-----
@infamousjoeg
infamousjoeg / GrantHostID.yaml
Created May 5, 2023 17:17
Grant OpenShift App authz to PAM Vault secrets and push to K8s Secrets
# Load into root branch
- !grant
  role: !group SyncVault/LOB_POC/SafeName/delegation/consumers
  member: !host data/cd/kubernetes/dev-team-1/applications/k8s-secrets-app1