infamousjoeg

# Before running this script, make sure psPAS is installed by running:
# Install-Module psPAS

Import-Module psPAS

$BaseURI = Read-Host "Enter the Base URL (e.g. https://pvwa.example.com)"
$Type = Read-Host "Enter the Authentication Type [cyberark], ldap, radius"
if (!$Type) {
    $Type = "cyberark"
}

infamousjoeg

# Import PowerShell module psPAS, if it doesn't exist, install it
Import-Module psPAS -ErrorAction SilentlyContinue
if ($LASTEXITCODE -ne 0) {
    Install-Module psPAS -Force
    Import-Module psPAS
}

$baseURL = Read-Host "Enter the base URL of your CyberArk instance"
$authType = Read-Host "Enter the authentication type (CyberArk, LDAP)"
$credential = Get-Credential

infamousjoeg

############
# This PowerShell script was translated using OpenAI's code-davinci-002 model
# against the original Python source code. https://beta.openai.com/playground?model=code-davinci-002
#
# https://github.com/vinceblake/cyberark-mfa-no-gui-example/blob/master/SAML-Get-MFA-Caching-Key.py
############

# SET THESE VARIABLES
$ispss_subdomain = "example"
$username = "user@example.com"

infamousjoeg

set +x
echo "$CONJUR_SECRET" > "$WORKSPACE"/private.key
set -x
chmod 0600 "$WORKSPACE"/private.key
sed -i 's/\r$//g' "$WORKSPACE"/private.key
export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i $WORKSPACE/private.key -F /dev/null"
git clone git@github.com:infamousjoeg/epa-poc.git

infamousjoeg

AWSTemplateFormatVersion: '2010-09-09'
Description: Creates an empty SQL Server RDS database as an example for automated deployments.
Parameters:
  SqlServerInstanceName:
    NoEcho: 'false'
    Description: RDS SQL Server Instance Name
    Type: String
    Default: SqlRdsDB
    MinLength: '1'
    MaxLength: '63'

infamousjoeg

node {
    stages {
        stage('Checkout SCM') {
            steps {
                withCredentials([
                    conjurSecretCredential(credentialsId: 'scm/bitbucket/jenkins/username', variable: 'BITBUCKET_USER'),
                    conjurSecretCredential(credentialsId: 'scm/bitbucket/jenkins/password', variable: 'BITBUCKET_PASS')
                ]) {
                    git url: 'https://${BITBUCKET_USER}:${BITBUCKET_PASS}@bitbuckethost.com/scm/my-repo.git'
                }

infamousjoeg

Conjur POC

Jenkins Integration Runbook

Conjur Configurator

Enable JWT Authenticator for Jenkins

1. Run ./setup.sh.
2. Select 1 to Import Previous Configuration.

infamousjoeg

export CONJUR_ACCOUNT=poc
export CONJUR_APPLIANCE_URL=https://ec2-00-00-00-00.compute-1.amazonaws.com
export CONJUR_CERT_FILE=conjur-poc.pem
export CONJUR_AUTHN_LOGIN=admin
export CONJUR_AUTHN_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

infamousjoeg

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: k8s-secrets-provider-account
  namespace: conjur
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:

infamousjoeg

Certificates on their own are only public pieces of information. What links a public key certificate to the name it contains is the fact that whoever has legitimate control over that name (e.g. your name or your server's name) also has the private key for it.

Certificates are used to prove the identity of the remote party by challenging the remote party to perform an operation that can only be done with the corresponding private key: signing something (which can be verified with the public key) or deciphering something that was encrypted with the public key. (Both can happen in the SSL/TLS handshake, depending on the cipher suite.)

During the SSL/TLS handshake, the server sends its certificate (in clear) and proves to the client that it has the corresponding private key using an authenticated key exchange.

In this case, they also want to use client-certificate authentication. It's not enough to send the client certificate during the handshake: the cl