Start Vault:
vault server -dev
Enable JWT auth mechanism:
thejohnny
thejohnny
/ command.sh
Created
January 28, 2024 20:42
— forked from devops-school/command.sh
Terraform Azure Creating Linux VM with a Image using Data Sources
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ terraform init | |
| $ terraform plan | |
| $ terraform apply --auto-approve | |
| $ terraform output |
thejohnny
/ main.tf
Created
August 8, 2023 20:17
— forked from nicklhw/main.tf
Terraform code to enable Vault EGP policy and TOTP MFA
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| terraform { | |
| required_providers { | |
| vault = { | |
| source = "hashicorp/vault" | |
| version = "3.11.0" | |
| } | |
| } | |
| } | |
| provider "vault" { |
thejohnny
/ aws_iam_federated.tf
Created
August 8, 2023 20:15
— forked from devops-adeel/aws_iam_federated.tf
WIP Code in creating workload identity
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| data "aws_iam_policy_document" "default" { | |
| version = "2012-10-17" | |
| statement { | |
| sid = "FederatedTrustVaultOIDC" | |
| effect = "Allow" | |
| actions = ["sts:AssumeRoleWithWebIdentity", ] | |
| principals { | |
| type = "Federated" |
thejohnny
/ OIDC configuration with Hashi Vault.md
Created
October 4, 2022 15:45
— forked from alwell-kevin/OIDC configuration with Hashi Vault.md
HashiTalks 2022 - OIDC configuration with Hashi Vault
thejohnny
/ aad_oidc_grp.tf
Created
April 20, 2022 18:24
— forked from devops-adeel/aad_oidc_grp.tf
Terraform snippet to setup AzureAD Auth Method.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| locals { | |
| aad_group = var.aad_group | |
| application = var.application_name | |
| mount_accessor = var.mount_accessor | |
| } | |
| data "azuread_group" "default" { | |
| display_name = local.aad_group | |
| } |
thejohnny
/ setup-loopback.sh
Created
April 20, 2022 14:43
Add network addresses to loopback interface
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| for x in 10 20 30 | |
| do | |
| for y in {1..5} | |
| do | |
| sudo ifconfig lo0 alias 127.0.${x}.${y} | |
| done | |
| done |
thejohnny
/ github_jwt_auth.tf
Created
April 7, 2022 18:11
— forked from jeffwecan/github_jwt_auth.tf
Example of using GitHub OIDC ID token claims for per-repo K/V path access via templated Vault policies.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| variable "github_jwt_issuer_url" { | |
| description = "Issuer URL for GitHub; used in JWT/OIDC auth method configuration." | |
| type = string | |
| default = "https://token.actions.githubusercontent.com" | |
| } | |
| variable "github_org_name" { | |
| type = string | |
| default = "some-github-org" | |
| } |
thejohnny
/ hcp-vault-perf-replication.tf
Created
April 6, 2022 15:32
Terraform to create pair of HVNs, peering connection and pair of clusters with perf replication
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| terraform { | |
| required_providers { | |
| hcp = { | |
| source = "hashicorp/hcp" | |
| } | |
| } | |
| } | |
| provider "hcp" {} |
thejohnny
/ vault_logrotate
Created
June 17, 2021 16:55
— forked from abuxton/vault_logrotate
logrotate setting file for HashiCorp's Vault audit file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Change the path below to your own audit log path. | |
| /var/log/vault/audit.log { | |
| rotate 30 | |
| daily | |
| # Do not execute rotate if the log file is empty. | |
| notifempty | |
| missingok | |
| compress | |
| # Set compress on next rotate cycl to prevent entry loss when performing compression. | |
| delaycompress |
thejohnny
/ cloud_init_debugging.md
Created
April 15, 2021 12:38
— forked from RagedUnicorn/cloud_init_debugging.md
Debugging tipps when working with cloud-init
Cloud-init combined with terraform can be a powerful tool to provision instances on startup. Debugging scripts that are run by cloud-init however are not the easiest to debug.
Usually on an Ubuntu machine a lot of what is happening can be found in the syslog
cat /var/log/syslog
NewerOlder