- Display role bindings for conjur-cluster service account token
  oc get clusterrolebindings -o json | jq '.items | map(select(any(.subjects[]?; .name | contains("conjur-cluster"))))'
- Display conjur-authenticator role information
  oc describe clusterrole conjur-authenticator

#!/bin/bash
# Lists EC2 instances by state. AWS credentials are injected for the single
# aws call by summon (keyring provider), so they never sit in the shell environment.
list_instances_by_state() {
  local state="$1"
  summon --provider ring.py -e aws -f ~/secrets.yml aws ec2 describe-instances \
    | jq -r --arg state "$state" \
        '.Reservations[].Instances[] | select(.State.Name == $state) | .Tags[]? | select(.Key == "Name") | .Value'
}

if [[ "$1" == "list" ]]; then
  echo "Running Instances:"
  echo "=================="
  list_instances_by_state running
  echo ""
  echo "Stopped Instances:"
  echo "=================="
  list_instances_by_state stopped
fi

- !policy
  id: k8s-secrets-demo
  body:
    - &secrets
      - !variable secret1
      - !variable secret2
    - !host
      annotations:
        authn-k8s/namespace: namespace

---
apiVersion: v1
kind: Namespace
metadata:
  name: cyberark-conjur
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: authn-k8s-sa

---
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
  namespace: k8s-secrets-app
type: Opaque
stringData:
  conjur-map: |-
    address: cd/kubernetes/db/host

#!/usr/bin/env bash
APIURL="https://cluster.com"
PORT="6443"
SERVERNAME="cluster.com"
output_prefix="final-"
extension="temp"
dlfilename="retrieved.pem"
pullcerticate_test() {
  local tofile="$1"

#!/bin/bash
# Install snapd on RHEL/CentOS 8 from the EPEL repository
sudo dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf -y upgrade
sudo yum install -y snapd
sudo systemctl enable --now snapd.socket
# Expose /snap so classic-confinement snaps can be installed
sudo ln -s /var/lib/snapd/snap /snap
sudo reboot now

using System;
using System.Threading;
using System.Threading.Tasks;

namespace ValidateJWTConsoleApp
{
    class Helper
    {
        internal static class AsyncHelper
        {

# Conjur policy for authn-jwt using above JWT:
---
# authn-jwt endpoint
- !policy
  id: conjur/authn-jwt/c73bf3ef-87e9-48e0-ac85-9c723e6cca39 # <-- Authn ID set to tenant ID
  body:
    - !variable jwks-uri # <-- https://login.microsoftonline.com/common/discovery/keys
    - !variable token-app-property # <-- set to "appid" (actual name of claim)
    # - !variable identity-path # <-- not needed for id below (policy is applied at root)