Kevin Gilpin (kgilpin)

kgilpin / test.md

hi

<script> alert('hi') </script>
kgilpin / policy-2.yml
Created Feb 2, 2018
User management bug
root@3935c7d86a07:/# cat policy-2.yml
- !user alice
- !group developers
- !grant
  role: !group developers
  member: !user alice
authn_k8s.yml:
- !policy
  id: conjur/authn-k8s/minikube/default
  owner: !group /k8s_admin
  body:
  - !webservice
    annotations:
      kubernetes/namespace: default
  - !host client
kgilpin / myapp.yml
Created Sep 1, 2017
AnsibleFest Policy Refactor
- !policy
  id: myapp
  body:
  - &variables
    - !variable
      id: database/username
      annotations:
        description: Application database username
    - !variable
      id: database/password
kgilpin / README.md
Last active Feb 11, 2016
Conjur Traffic Auth for the Truly Paranoid

Approach

Create distinct roles with specific permissions to call untrusted web services.

Client services authenticate as one of these roles when calling an untrusted web service.

Discussion

When using an externalized (Nginx) forwarder and gatekeeper, a webservice client can send a Conjur access token for its own identity. The client doesn't have to worry about the gatekeeper misusing the access token,

bastion-policy.rb:
# Defines a Bastion server layer.
#
# Usage:
#   conjur policy load --as-group ops bastion-policy.rb
policy "bastion" do
  # Members of this group will be able to administer the bastion.
  admins = group "admins"
  # Members of this group will be able to log in to the bastion
  # with a regular, non-privileged account.
  users = group "users"
Other files in this gist: How-To-Play-Quake2-With-Conjur.md, WebQuake-Nginx-Conjur.md
kgilpin / blue-green.rb
Created Jun 13, 2015
Simple blue/green model
# Simple script which creates two groups, blue and green. Each
# group contains a couple of users. The groups have different permissions
# on 'webservice' resources. In an SDF gatekeeper scenario, the 'blue'
# team will be able to 'read' service a, and the 'green' team will be
# able to 'read' service b. Neither team can perform any action besides 'read'.
# The owner of the 'webservice' resources (which is the user that runs this script)
# has all permissions on all records, via Conjur ownership.
# Create the blue team
blue = group "blue" do
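The blue/green model above and the "Truly Paranoid" approach earlier on this page both rest on the same Conjur rule: a role holds a privilege on a resource only if it, or a role it is transitively a member of, was permitted that privilege, or if it owns the resource. The Python below is an added example, not code from these gists or from Conjur itself. It models just that rule over a handful of in-memory records built inline to mirror the two gists; the names `webservice:service-a`, `webservice:service-b`, `user:admin`, `host:myapp`, `host:myapp/partner-api-caller`, `group:partner-api-callers` and `variable:database/password` are constructed for illustration. It then checks that each team reads only its own service, that nobody but the owner can do anything beyond `read`, and that a narrow caller role created for an untrusted web service cannot reach the application's secrets.

```python
"""Toy model of Conjur-style role-based permissions (added example, not Conjur's code).

Three kinds of record are modelled, matching the policy statements in the gists:
  grant     -> a member role joins a parent role; membership is transitive
  permit    -> a role may exercise one privilege on one resource
  ownership -> the owner role of a resource holds every privilege on it
"""
from collections import deque


class Policy:
    def __init__(self):
        self.members = {}  # parent role -> set of member roles
        self.permits = {}  # (resource, privilege) -> set of roles
        self.owners = {}   # resource -> owning role

    def grant(self, role, member):
        """`member` becomes a member of `role` (a !grant statement)."""
        self.members.setdefault(role, set()).add(member)

    def permit(self, resource, privilege, role):
        """`role` may perform `privilege` on `resource` (a !permit statement)."""
        self.permits.setdefault((resource, privilege), set()).add(role)

    def resource(self, resource, owner):
        """Declare a resource; in Conjur the owner holds all privileges on it."""
        self.owners[resource] = owner

    def roles_of(self, role):
        """Every role `role` holds: itself plus all transitive parent roles."""
        held = {role}
        queue = deque([role])
        while queue:
            current = queue.popleft()
            for parent, members in self.members.items():
                if current in members and parent not in held:
                    held.add(parent)
                    queue.append(parent)
        return held

    def check(self, role, privilege, resource):
        """True if `role` may perform `privilege` on `resource`."""
        held = self.roles_of(role)
        if self.owners.get(resource) in held:
            return True  # ownership implies every privilege
        return bool(held & self.permits.get((resource, privilege), set()))


def blue_green_policy():
    """Constructed to mirror the blue/green gist: two teams, two web services."""
    p = Policy()
    p.resource("webservice:service-a", owner="user:admin")  # admin ran the script
    p.resource("webservice:service-b", owner="user:admin")
    p.grant("group:blue", "user:alice")
    p.grant("group:blue", "user:bob")
    p.grant("group:green", "user:carol")
    p.grant("group:green", "user:dave")
    # Each team can only 'read' its own service; nothing else is permitted.
    p.permit("webservice:service-a", "read", "group:blue")
    p.permit("webservice:service-b", "read", "group:green")
    return p


def paranoid_policy():
    """Constructed to mirror the 'Truly Paranoid' approach: a distinct, narrowly
    permitted role is used when calling an untrusted web service (hypothetical names)."""
    p = Policy()
    p.resource("variable:database/password", owner="user:admin")
    p.resource("webservice:partner-api", owner="user:admin")
    # The application's own identity may fetch its secret ('execute' on a variable)...
    p.permit("variable:database/password", "execute", "host:myapp")
    # ...but calls the untrusted API as a separate role that holds only that one privilege,
    # so a token for that role leaks nothing else if the other side misuses it.
    p.grant("group:partner-api-callers", "host:myapp/partner-api-caller")
    p.permit("webservice:partner-api", "execute", "group:partner-api-callers")
    return p


if __name__ == "__main__":
    bg = blue_green_policy()
    print("alice reads service-a:", bg.check("user:alice", "read", "webservice:service-a"))
    print("alice reads service-b:", bg.check("user:alice", "read", "webservice:service-b"))
    pp = paranoid_policy()
    print("caller role reaches db password:",
          pp.check("host:myapp/partner-api-caller", "execute", "variable:database/password"))
```

Ownership is modelled as a single owning role per resource; in Conjur the owner of a policy also owns the records created inside it, which this toy does not chain. The useful check is the last one: the caller role is a member of nothing except the group that may execute the partner API, so the answer stays `False` no matter what the untrusted service does with the token.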
kgilpin / Notes
Created Dec 8, 2014
Conjur commands
Upgrade Conjur CLI
$ sudo /opt/conjur/embedded/bin/gem install conjur-cli --no-rdoc --no-ri