Kevin Gilpin kgilpin

## Rails Sample App 6th Ed - Microposts interface test URL
https://app.land/applications/219?mapset=1970

## test.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                kgilpin
                / test.md
            
            
              Created
              June 4, 2018 18:07
            
              
                Test JS
              
          
  hi

<script>
alert('hi')
</script>

  
## policy-2.yml
root@3935c7d86a07:/# cat policy-2.yml
- !user alice

- !group developers

- !grant
  role: !group developers
  member: !user alice


## authn_k8s.yml
- !policy
  id: conjur/authn-k8s/minikube/default
  owner: !group /k8s_admin
  body:
  - !webservice
    annotations:
      kubernetes/namespace: default

  - !host client

## myapp.yml
- !policy
  id: myapp
  body:
  - &variables
    - !variable
      id: database/username
      annotations:
        description: Application database username
    - !variable
      id: database/password

## README.md

      
              4 files
            
          
              0 forks
            
          
              0 comments
            
          
              1 star
            
          
                kgilpin
                / README.md
            
            
              Last active
              February 11, 2016 22:23
            
              
                Conjur Traffic Auth for the Truly Paranoid
              
          
    Approach

Create distinct roles with specific permissions to call untrusted web services.
Client services authenticate as one of these roles when calling an untrusted web service.
Discussion

When using an externalized (Nginx) forwarder and gatekeeper, a webservice client can send a Conjur access
token for its own identity. The client doesn't have to worry about the gatekeeper misusing the access token,

  
## bastion-policy.rb
# Defines a Bastion server layer.
#
# Usage:
# conjur policy load --as-group ops bastion-policy.rb
policy "bastion" do
  # Members of this group will be able to adminsiter the bastion.
  admins = group "admins"
  # Members of this group will be able to login to the bastion
  # with a regular, non-privileged account.
  users  = group "users"

## How-To-Play-Quake2-With-Conjur.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                kgilpin
                / How-To-Play-Quake2-With-Conjur.md
            
            
              Last active
              August 29, 2015 14:26
            
          
    How to play Quake2 with Conjur

Have you checked out how we secured a Node.js port of Quake2 using Nginx and Conjur
and you want to give it a try yourself?
Here's how to do it.
Install the Conjur CLI

First, install the Conjur CLI. You'll need this to login to Conjur.

  
## WebQuake-Nginx-Conjur.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              3 stars
            
          
                kgilpin
                / WebQuake-Nginx-Conjur.md
            
            
              Last active
              October 2, 2018 10:36
            
          
    Here's a blog post about how we secured a Node.js port of Quake2 using Nginx and Conjur:
http://blog.conjur.net/how-securing-webquake-is-like-securing-an-enterprise-application
There's a link to a 6-minute video walkthrough at the end which is easy to miss so I am including it here:

Hope you find this interesting!

  
## blue-green.rb
# Simple script which creates two groups, blue and green. Each
# group contains a couple of users. The groups have different permissions
# on 'webservice' resources. In an SDF gatekeeper scenario, the 'blue'
# team will be able to 'read' service a, and the 'green' team will be
# able to 'read' service b. Neither team can perform any action besides 'read'.
# The owner of the 'webservice' resources (which is the user that runs this script)
# has all permissions on all records, via Conjur ownership.

# Create the blue team
blue = group "blue" do
	root@3935c7d86a07:/# cat policy-2.yml
	- !user alice

	- !group developers

	- !grant
	role: !group developers
	member: !user alice
	- !policy
	id: conjur/authn-k8s/minikube/default
	owner: !group /k8s_admin
	body:
	- !webservice
	annotations:
	kubernetes/namespace: default

	- !host client
	- !policy
	id: myapp
	body:
	- &variables
	- !variable
	id: database/username
	annotations:
	description: Application database username
	- !variable
	id: database/password
	# Defines a Bastion server layer.
	#
	# Usage:
	# conjur policy load --as-group ops bastion-policy.rb
	policy "bastion" do
	# Members of this group will be able to adminsiter the bastion.
	admins = group "admins"
	# Members of this group will be able to login to the bastion
	# with a regular, non-privileged account.
	users = group "users"
	# Simple script which creates two groups, blue and green. Each
	# group contains a couple of users. The groups have different permissions
	# on 'webservice' resources. In an SDF gatekeeper scenario, the 'blue'
	# team will be able to 'read' service a, and the 'green' team will be
	# able to 'read' service b. Neither team can perform any action besides 'read'.
	# The owner of the 'webservice' resources (which is the user that runs this script)
	# has all permissions on all records, via Conjur ownership.

	# Create the blue team
	blue = group "blue" do