-
Display role bindings for conjur-cluster service account token
oc get clusterrolebindings -o json \ | jq '.items | map(select(any(.subjects[]; .name | contains("conjur-cluster"))))' -
Display conjur-authenticator role information
oc describe clusterrole conjur-authenticator
infamousjoeg
/ aws-instances.sh
Last active
March 14, 2022 15:10
Bash Helper Script for AWS Lab using Summon
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [[ "$1" == "list" ]]; then | |
| echo "Running Instances:" | |
| echo "==================" | |
| summon --provider ring.py -e aws -f ~/secrets.yml aws ec2 describe-instances | jq -r '.Reservations[].Instances[] | select( .State.Name == "running") | .Tags[] | select ( .Key == "Name" ) | .Value' | |
| echo "" | |
| echo "Stopped Instances:" | |
| echo "==================" | |
| summon --provider ring.py -e aws -f ~/secrets.yml aws ec2 describe-instances | jq -r '.Reservations[].Instances[] | select( .State.Name == "stopped") | .Tags[] | select ( .Key == "Name" ) | .Value' |
infamousjoeg
/ k8s-secrets-app.yml
Last active
March 2, 2022 13:59
authn-k8s Kubernetes Secrets Application Policy Template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - !policy | |
| id: k8s-secrets-demo | |
| body: | |
| - &secrets | |
| - !variable secret1 | |
| - !variable secret2 | |
| - !host | |
| annotations: | |
| authn-k8s/namespace: namespace |
infamousjoeg
/ cyberark-conjur-authn-k8s-config.yml
Last active
March 1, 2022 22:13
Conjur Authn-K8s - Initial Config Manifest
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: cyberark-conjur | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: authn-k8s-sa |
infamousjoeg
/ k8sSecretsProvider.yml
Last active
March 3, 2022 14:17
K8s Secrets Provider Deployment Manifest
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: db-credentials | |
| namespace: k8s-secrets-app | |
| type: Opaque | |
| stringData: | |
| conjur-map: |- | |
| address: cd/kubernetes/db/host |
infamousjoeg
/ debugging_info.md
Created
February 24, 2022 16:34
— forked from micahlee/debugging_info.md
Conjur K8s Authenticator Debugging
infamousjoeg
/ sni_builder.sh
Last active
February 23, 2022 19:55
Automated Building of Certificates when OpenShift SNI Present
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| APIURL="https://cluster.com" | |
| PORT="6443" | |
| SERVERNAME="cluster.com" | |
| output_prefix="final-" | |
| extension="temp" | |
| dlfilename="retrieved.pem" | |
| pullcerticate_test() { | |
| local tofile="$1" |
infamousjoeg
/ 01-install-snapd.sh
Last active
February 22, 2022 22:03
How to Setup & Renew Let's Encrypt SSL on Ansible Automation Platform 2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| sudo dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm | |
| sudo dnf -y upgrade | |
| sudo yum install -y snapd | |
| sudo systemctl enable --now snapd.socket | |
| sudo ln -s /var/lib/snapd/snap /snap | |
| sudo reboot now |
infamousjoeg
/ Helper.cs
Created
January 31, 2022 19:17
— forked from rbrayb/Helper.cs
Validating an ADFS JWT token
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Threading; | |
| using System.Threading.Tasks; | |
| namespace ValidateJWTConsoleApp | |
| { | |
| class Helper | |
| { | |
| internal static class AsyncHelper | |
| { |
infamousjoeg
/ authn-jwt_azure.yml
Last active
January 31, 2022 18:11
Conjur authn-jwt with Azure AD-registered applications
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Conjur policy for authn-jwt using above JWT: | |
| --- | |
| # authn-jwt endpoint | |
| - !policy | |
| id: conjur/authn-jwt/c73bf3ef-87e9-48e0-ac85-9c723e6cca39 # <-- Authn ID set to tenant ID | |
| body: | |
| - !variable jwks-uri # <-- https://login.microsoftonline.com/common/discovery/keys | |
| - !variable token-app-property # <-- set to "appid" (actual name of claim) | |
| # - !variable identity-path # <-- not needed for id below (policy is applied at root) |
infamousjoeg
/ InstantPotBraisedRedCabbage.md
Last active
January 27, 2022 17:07
Instant Pot Braised Red Cabbage