- Run
./setup.sh
. - Select
1
to Import Previous Configuration.
# Before running this script, make sure psPAS is installed by running: | |
# Install-Module psPAS | |
Import-Module psPAS | |
$BaseURI = Read-Host "Enter the Base URL (e.g. https://pvwa.example.com)" | |
$Type = Read-Host "Enter the Authentication Type [cyberark], ldap, radius" | |
if (!$Type) { | |
$Type = "cyberark" | |
} |
# Import PowerShell module psPAS, if it doesn't exist, install it | |
Import-Module psPAS -ErrorAction SilentlyContinue | |
if ($LASTEXITCODE -ne 0) { | |
Install-Module psPAS -Force | |
Import-Module psPAS | |
} | |
$baseURL = Read-Host "Enter the base URL of your CyberArk instance" | |
$authType = Read-Host "Enter the authentication type (CyberArk, LDAP)" | |
$credential = Get-Credential |
############ | |
# This PowerShell script was translated using OpenAI's code-davinci-002 model | |
# against the original Python source code. https://beta.openai.com/playground?model=code-davinci-002 | |
# | |
# https://github.com/vinceblake/cyberark-mfa-no-gui-example/blob/master/SAML-Get-MFA-Caching-Key.py | |
############ | |
# SET THESE VARIABLES | |
$ispss_subdomain = "example" | |
$username = "user@example.com" |
set +x | |
echo "$CONJUR_SECRET" > "$WORKSPACE"/private.key | |
set -x | |
chmod 0600 "$WORKSPACE"/private.key | |
sed -i 's/\r$//g' "$WORKSPACE"/private.key | |
export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i $WORKSPACE/private.key -F /dev/null" | |
git clone git@github.com:infamousjoeg/epa-poc.git |
AWSTemplateFormatVersion: '2010-09-09' | |
Description: Creates an empty SQL Server RDS database as an example for automated deployments. | |
Parameters: | |
SqlServerInstanceName: | |
NoEcho: 'false' | |
Description: RDS SQL Server Instance Name | |
Type: String | |
Default: SqlRdsDB | |
MinLength: '1' | |
MaxLength: '63' |
node { | |
stages { | |
stage('Checkout SCM') { | |
steps { | |
withCredentials([ | |
conjurSecretCredential(credentialsId: 'scm/bitbucket/jenkins/username', variable: 'BITBUCKET_USER'), | |
conjurSecretCredential(credentialsId: 'scm/bitbucket/jenkins/password', variable: 'BITBUCKET_PASS') | |
]) { | |
git url: 'https://${BITBUCKET_USER}:${BITBUCKET_PASS}@bitbuckethost.com/scm/my-repo.git' | |
} |
export CONJUR_ACCOUNT=poc | |
export CONJUR_APPLIANCE_URL=https://ec2-00-00-00-00.compute-1.amazonaws.com | |
export CONJUR_CERT_FILE=conjur-poc.pem | |
export CONJUR_AUTHN_LOGIN=admin | |
export CONJUR_AUTHN_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: k8s-secrets-provider-account | |
namespace: conjur | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: Role | |
metadata: |
Certificates on their own are only public pieces of information. What links a public key certificate to the name it contains is the fact that whoever has legitimate control over that name (e.g. your name or your server's name) also has the private key for it.
Certificates are used to prove the identity of the remote party by challenging the remote party to perform an operation that can only be done with the corresponding private key: signing something (which can be verified with the public key) or deciphering something that was encrypted with the public key. (Both can happen in the SSL/TLS handshake, depending on the cipher suite.)
During the SSL/TLS handshake, the server sends its certificate (in clear) and proves to the client that it has the corresponding private key using an authenticated key exchange.
In this case, they also want to use client-certificate authentication. It's not enough to send the client certificate during the handshake: the cl