
Kevin Gilpin kgilpin



<script> alert('hi') </script>
kgilpin / policy-2.yml
Created Feb 2, 2018
User management bug
View policy-2.yml
root@3935c7d86a07:/# cat policy-2.yml
- !user alice
- !group developers
- !grant
  role: !group developers
  member: !user alice
View authn_k8s.yml
- !policy
  id: conjur/authn-k8s/minikube/default
  owner: !group /k8s_admin
- !webservice
  kubernetes/namespace: default
- !host client
kgilpin / myapp.yml
Created Sep 1, 2017
AnsibleFest Policy Refactor
View myapp.yml
- !policy
  id: myapp
- &variables
  - !variable
    id: database/username
    description: Application database username
  - !variable
    id: database/password
kgilpin /
Last active Feb 11, 2016
Conjur Traffic Auth for the Truly Paranoid


Create distinct roles with specific permissions to call untrusted web services.

Client services authenticate as one of these roles when calling an untrusted web service.


When using an externalized (Nginx) forwarder and gatekeeper, a webservice client can send a Conjur access token for its own identity. The client doesn't have to worry about the gatekeeper misusing the access token,

kgilpin /
Last active Dec 26, 2015
Create Conjur "bacon" resource
$ conjur resource:create food:$ns/bacon
"id": "sandbox:food:1eqwg0/bacon",
"owner": "sandbox:user:kgilpin",
"permissions": []
View bastion-policy.rb
# Defines a Bastion server layer.
# Usage:
#   conjur policy load --as-group ops bastion-policy.rb
policy "bastion" do
  # Members of this group will be able to administer the bastion.
  admins = group "admins"
  # Members of this group will be able to login to the bastion
  # with a regular, non-privileged account.
  users = group "users"
kgilpin / gist:3873480
Created Oct 11, 2012
Find a free drive letter
View gist:3873480
# Need to find the next available device to let AWS know where to attach
# the volume
drive = (Array('c'..'z').map{|c| "/dev/xvd#{c}"} - Dir.glob("/dev/xvd*"))[0]
device_id = drive[-1..-1]
kgilpin / gist:3537559
Created Aug 30, 2012
Archive a Jenkins Ruby Gem artifact to a Conjur Dataset
View gist:3537559
cd pkg && INSCITIV_ENV=stage rvm 1.9.2@myproject do bundle exec ../bin/conjur datafile:upload "Jenkins artifacts: myproject" *.gem