
@stenio123
stenio123 / Cubbyhole.md
Created October 12, 2018 15:44
Share single use secret stored in Vault

Cubbyhole Single Use Secret

By leveraging the Cubbyhole secret engine, we can store a secret that only one token can retrieve. Once that token is expired or revoked, the secret is gone. When creating the token, you can limit the number of uses.

# Creates the token that will be shared. It will be used once to write the secret and a second time to read it; after that it is revoked
vault token create -use-limit=2 -policy=default -metadata="name=stenio"
# Output -<TOKEN>
@stenio123
stenio123 / Vault_namespace_demo.md
Created October 12, 2018 21:56
Testing Vault Namespaces

Vault Namespaces Demo

Vault Namespaces support a variety of ways of interacting with Vault.

# Config
vault namespace create marketing

echo '
path "secret/*" {
    capabilities = ["create", "read", "update", "delete", "list", "sudo"]
@stenio123
stenio123 / vault-token-role-via-api.sh
Created October 17, 2018 13:21 — forked from greenbrian/vault-token-role-via-api.sh
HashiCorp Vault Token Role overview
# start vault in dev mode
VAULT_UI=true vault server -dev -dev-root-token-id="password"
# write some secrets for our example usage
curl --request POST \
--silent \
--header "X-Vault-Token: password" \
--header "Content-Type: application/json" \
--data '{ "options": { "cas": 0 }, "data": { "username": "administrator", "password": "hunter2" } }' \
http://127.0.0.1:8200/v1/secret/data/dev | jq '.'
@stenio123
stenio123 / Sign.MD
Last active February 23, 2023 22:16
Signing a base64 string with Vault Transit Secret Engine

This code shows the steps to enable the transit secret engine, configure a key, and use that key to sign data with Vault.

vault secrets enable transit

# Default key type doesn't support signing
vault write -f transit/keys/my-key type=rsa-4096

# Encode a string as base64
echo -n 'This was created by Stenio, you can trust me!' | openssl base64
@stenio123
stenio123 / README.md
Created January 3, 2019 19:44
Terraform Enterprise as alternative to AWS Service Catalog

Whiteboard

@stenio123
stenio123 / README.md
Created January 11, 2019 00:06
Example Azure Terraform Enterprise Workflow

Example Azure Terraform Enterprise Workflow

This document describes the steps required to demo an opinionated workflow deploying and managing Azure resources using Terraform Enterprise.

Requirements

In order to complete this demo, you need to have:

  • a Terraform Enterprise account
  • a git account

Steps

@stenio123
stenio123 / README.md
Last active January 11, 2019 14:21
Example AWS Terraform Enterprise Workflow

Example AWS Terraform Enterprise Workflow

This document describes the steps required to demo an opinionated workflow deploying and managing AWS resources using Terraform Enterprise.

Requirements

In order to complete this demo, you need to have:

  • a Terraform Enterprise account
  • a git account

Workflow Type

@stenio123
stenio123 / TFE_API.md
Last active January 18, 2019 13:24
Example API calls interacting with Terraform Enterprise

Example API calls interacting with Terraform Enterprise

Get list of workspaces

curl \
  --header "Authorization: Bearer ${TFE_TOKEN}" \
  --header "Content-Type: application/vnd.api+json" \
  $TFE_ADDR/api/v2/organizations/$TFE_ORG/workspaces | jq .

You can have the above in a loop, or to get a specific workspace:

# id of the first workspace returned
@stenio123
stenio123 / get_credentials.py
Created January 18, 2019 15:38 — forked from ricardosasilva/get_credentials.py
Download Vault credentials recursively as JSON
"""
Get Vault credentials recursively as json.
Requirements: requests lib. Run pip to install it:
$ pip install requests
To run this command:
$ python get_credentials.py <initial url> <token>