@stenio123
stenio123 / get_credentials.py
Created January 18, 2019 15:38 — forked from ricardosasilva/get_credentials.py
Download Vault credentials recursively as JSON
"""
Get Vault credentials recursively as json.
Requirements: requests lib. Run pip to install it:
$ pip install requests
To run this command:
$ python get_credentials.py <initial url> <token>
@stenio123
stenio123 / TFE_API.md
Last active January 18, 2019 13:24
Example API calls interacting with Terraform Enterprise

Example API calls interacting with Terraform Enterprise

Get list of workspaces

curl \
  --header "Authorization: Bearer ${TFE_TOKEN}" \
  --header "Content-Type: application/vnd.api+json" \
  "$TFE_ADDR/api/v2/organizations/$TFE_ORG/workspaces" | jq .

You can run the above in a loop. To get a specific workspace:

# id of the first workspace returned
@stenio123
stenio123 / README.md
Last active January 11, 2019 14:21
Example AWS Terraform Enterprise Workflow

Example AWS Terraform Enterprise Workflow

This document describes the steps required to demo an opinionated workflow deploying and managing AWS resources using Terraform Enterprise.

Requirements

In order to complete this demo, you need to have:

  • a Terraform Enterprise account
  • a git account

Workflow Type

@stenio123
stenio123 / README.md
Created January 3, 2019 19:44
Terraform Enterprise as alternative to AWS Service Catalog

Whiteboard

@stenio123
stenio123 / vault-token-role-via-api.sh
Created October 17, 2018 13:21 — forked from greenbrian/vault-token-role-via-api.sh
HashiCorp Vault Token Role overview
# start vault in dev mode
VAULT_UI=true vault server -dev -dev-root-token-id="password"
# write some secrets for our example usage
curl --request POST \
--silent \
--header "X-Vault-Token: password" \
--header "Content-Type: application/json" \
--data '{ "options": { "cas": 0 }, "data": { "username": "administrator", "password": "hunter2" } }' \
http://127.0.0.1:8200/v1/secret/data/dev | jq '.'
@stenio123
stenio123 / Vault_namespace_demo.md
Created October 12, 2018 21:56
Testing Vault Namespaces

Vault Namespaces Demo

Vault Namespaces supports a variety of ways of interacting with Vault.

# Config
vault namespace create marketing

echo '
path "secret/*" {
    capabilities = ["create", "read", "update", "delete", "list", "sudo"]
@stenio123
stenio123 / Cubbyhole.md
Created October 12, 2018 15:44
Share single use secret stored in Vault

Cubbyhole Single Use Secret

By leveraging the Cubbyhole secret engine, we can store a secret that only one token can retrieve. Once that token is expired or revoked, the secret is gone. When creating the token, you can limit the number of uses.

# Create the token that will be shared. It is used once to write the secret and a second time to read it, after which it is revoked
vault token create -use-limit=2 -policy=default -metadata="name=stenio"
# Output -<TOKEN>
@stenio123
stenio123 / Vault-PKI-demo.md
Last active October 11, 2018 20:28
Using Vault to retrieve short lived certificates, and Consul Template to transparently manage the renewal

PKI Secret Engine

Create Limited Policy and Token for this demo

cat > pki.policy <<EOA
# Enable secrets engine
path "sys/mounts/*" {
  capabilities = [ "create", "read", "update", "delete", "list" ]
}
@stenio123
stenio123 / README.md
Created September 7, 2018 15:59
Steps to deploy custom gem (Vault-ruby as example)
  1. Clone the git repository:
git clone git@github.com:stenio123/vault-ruby.git
  2. Move to the desired branch:
git checkout added-namespaces