Jeff Mitchell jefferai
View -
diff --git a/builtin/credential/approle/path_role.go b/builtin/credential/approle/path_role.go
index 171fa8c..c2a4949 100644
--- a/builtin/credential/approle/path_role.go
+++ b/builtin/credential/approle/path_role.go
@@ -1452,7 +1452,7 @@ func (b *backend) handleRoleSecretIDCommon(req *logical.Request, data *framework
Metadata: make(map[string]string),
}
- if err = strutil.ParseArbitraryKeyValues(data.Get("metadata").(string), secretIDStorage.Metadata); err != nil {
+ if err = strutil.ParseArbitraryKeyValues(data.Get("metadata").(string), secretIDStorage.Metadata, ","); err != nil {
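Review bot: the new third argument hard-codes "," as the separator between key=value pairs, so a metadata value that itself contains a comma will be split into a bogus extra pair at this call site; the `metadata` field description (not in this hunk) should state that pairs are comma-separated and that keys and values may not contain a comma, and a test feeding a value with an embedded "," would pin down the intended behaviour.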
@jefferai
jefferai / find_destroy_consul_tokens.sh
Last active May 12, 2018
Script to find and destroy Consul tokens created by Vault
View find_destroy_consul_tokens.sh
#!/bin/bash
# Tested with jq 1.5. Should work with jq >= 1.4.
# Note: this script is an example to show how tokens can be listed
# and managed by jq into a removal function. You should not use this
# script as-is, in particular without examining the list output to
# exclude unwanted tokens from being removed. For instance, if
# your management token for Vault itself (storage, or the Consul
# dynamic backend) has a name that begins with "Vault", this
View -
diff --git a/builtin/logical/pki/crl_util.go b/builtin/logical/pki/crl_util.go
index b433e25..45624ac 100644
--- a/builtin/logical/pki/crl_util.go
+++ b/builtin/logical/pki/crl_util.go
@@ -18,6 +18,15 @@ type revocationInfo struct {
// Revokes a cert, and tries to be smart about error recovery
func revokeCert(b *backend, req *logical.Request, serial string) (*logical.Response, error) {
+ // As this backend is self-contained and this function does not hook into
+ // third parties to manage users or resources, if the mount is tainted,
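Review bot: the hunk header `@@ -18,6 +18,15 @@` announces nine added lines but only the first two lines of the new comment are visible here, and the sentence breaks off at "if the mount is tainted,"; the full diff should be checked so that the comment states what revokeCert actually does in the tainted case and that the branch it introduces is covered by a test with a tainted mount.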
@jefferai
jefferai / pkitest.sh
Created Jan 20, 2016
PKI test script
View pkitest.sh
#!/bin/bash
# Mount a root PKI backend and raise its max lease TTL so a 20-year root cert can be issued
vault mount -path=rootpki pki
vault mount-tune -max-lease-ttl="175200h" rootpki
# Exercise both root-generation modes (exported returns the private key, internal keeps it in Vault)
vault write rootpki/root/generate/exported common_name=example.com ttl="175200h"
vault write rootpki/root/generate/internal common_name=example.com ttl="175200h"
# Exercise both intermediate CSR-generation modes on the same mount
vault write rootpki/intermediate/generate/exported common_name=example.com ttl="175200h"
vault write rootpki/intermediate/generate/internal common_name=example.com ttl="175200h"
# Mount a separate intermediate PKI backend with a shorter (1-year) max lease TTL
vault mount -path=intermediatepki pki
vault mount-tune -max-lease-ttl="8760h" intermediatepki
@jefferai
jefferai / gist:a9b02179da554475b859
Created Oct 7, 2015
Example of new PKI capabilities
View gist:a9b02179da554475b859
#!/bin/bash
# Mount a root and an intermediate PKI backend; the root may issue for 20 years, the intermediate for 2
vault mount -path=rootpki pki
vault mount-tune -max-lease-ttl="175200h" rootpki
vault mount -path=intermediatepki pki
vault mount-tune -max-lease-ttl="17520h" intermediatepki
# Generate the root CA (exported mode) via the HTTP API using httpie, authenticating with the local token
http POST http://127.0.0.1:8200/v1/rootpki/config/ca/generate/root/exported X-Vault-Token:$(cat ~/.vault-token) pki_address="http://vault.example.com/v1/rootpki" common_name=root.com ttl="175200h" | jq -r .data.certificate > currroot.pem
# Inspect the generated root certificate
openssl x509 -in currroot.pem -noout -text
# Generate a CSR on the intermediate mount, then have the root mount sign it (ttl kept under the intermediate's max)
http POST http://127.0.0.1:8200/v1/intermediatepki/config/ca/generate/intermediate/exported X-Vault-Token:$(cat ~/.vault-token) pki_address="http://vault.example.com/v1/rootpki" | jq -r .data.csr > currcsr.pem
http POST http://127.0.0.1:8200/v1/rootpki/config/ca/sign X-Vault-Token:$(cat ~/.vault-token) pki_address="http://vault.example.com/v1/intermediatepki" common_name=intermediate.com ttl="17519h" csr=@currcsr.pem | jq -r .data.certificate > currcert.pem
View keybase.md

Keybase proof

I hereby claim:

  • I am jefferai on github.
  • I am jefferai (https://keybase.io/jefferai) on keybase.
  • I have a public key whose fingerprint is 0F80 1F51 8EC8 53DA FF61 1E83 6528 EFCA C6CA A3DB

To claim this, I am signing this object:

View gist:7461cce52179b22dae5e
> http http://127.0.0.1:8500/v1/catalog/register Datacenter="dc1" Node="node1" Address="10.0.0.1" Service:='{"ID": "redis1", "Service": "redis", "Tags": ["tag1"], "Address": "1.2.3.4", "Port": 1234}'
HTTP/1.1 200 OK
Content-Length: 4
Content-Type: application/json
Date: Thu, 03 Sep 2015 11:07:22 GMT
true
> http http://127.0.0.1:8500/v1/catalog/register Datacenter="dc1" Node="node2" Address="10.0.0.2" Service:='{"ID": "redis2", "Service": "redis", "Tags": ["tag2"], "Address": "5.6.7.8", "Port": 5678}'
HTTP/1.1 200 OK
@jefferai
jefferai / gist:e2bebc3bb97fed521666
Last active Mar 30, 2019
Example of Vault PKI (X509) backend issuing certificates to client and server, which then perform TLS mutual auth
View gist:e2bebc3bb97fed521666
package main
import (
"crypto/tls"
"fmt"
"html"
"io/ioutil"
"log"
"net"
"net/http"