Skip to content

Instantly share code, notes, and snippets.

View kgilpin's full-sized avatar

Kevin Gilpin kgilpin

25 followers · 4 following
View GitHub Profile
@kgilpin
kgilpin / Rails Sample App 6th Ed - Microposts interface test URL
Last active October 15, 2020 18:10
Rails Sample App 6th Ed - Microposts interface test
https://app.land/applications/219?mapset=1970
@kgilpin
kgilpin / WebQuake-Nginx-Conjur.md
Last active October 2, 2018 10:36
@kgilpin
kgilpin / test.md
Created June 4, 2018 18:07
Test JS

hi

<script> alert('hi') </script>
@kgilpin
kgilpin / policy-2.yml
Created February 2, 2018 16:15
User management bug
root@3935c7d86a07:/# cat policy-2.yml
- !user alice
- !group developers
- !grant
role: !group developers
member: !user alice
@kgilpin
kgilpin / authn_k8s.yml
Last active December 5, 2017 14:18
authn-k8s
- !policy
id: conjur/authn-k8s/minikube/default
owner: !group /k8s_admin
body:
- !webservice
annotations:
kubernetes/namespace: default
- !host client
@kgilpin
kgilpin / myapp.yml
Created September 1, 2017 13:53
AnsibleFest Policy Refactor
- !policy
id: myapp
body:
- &variables
- !variable
id: database/username
annotations:
description: Application database username
- !variable
id: database/password
@kgilpin
kgilpin / README.md
Last active February 11, 2016 22:23
Conjur Traffic Auth for the Truly Paranoid

Approach

Create distinct roles with specific permissions to call untrusted web services.

Client services authenticate as one of these roles when calling an untrusted web service.

Discussion

When using an externalized (Nginx) forwarder and gatekeeper, a webservice client can send a Conjur access token for its own identity. The client doesn't have to worry about the gatekeeper misusing the access token,

@kgilpin
kgilpin / create_bacon.sh
Last active December 26, 2015 13:29
Create Conjur "bacon" resource
$ conjur resource:create food:$ns/bacon
{
"id": "sandbox:food:1eqwg0/bacon",
"owner": "sandbox:user:kgilpin",
"permissions": []
}
@kgilpin
kgilpin / bastion-policy.rb
Last active October 28, 2015 14:45
DSL Tutorial
# Defines a Bastion server layer.
#
# Usage:
# conjur policy load --as-group ops bastion-policy.rb
policy "bastion" do
# Members of this group will be able to adminsiter the bastion.
admins = group "admins"
# Members of this group will be able to login to the bastion
# with a regular, non-privileged account.
users = group "users"
@kgilpin
kgilpin / gist:3873480
Created October 11, 2012 16:08
Find a free drive letter
# Need to find the next available device to let AWS know where to attach
# the volume
drive = (Array('c'..'z').map{|c| "/dev/xvd#{c}"} - Dir.glob("/dev/xvd*"))[0]
device_id = drive[-1..-1]