
Keybase proof

I hereby claim:

  • I am vishalnayak on github.
  • I am vishalnayak (https://keybase.io/vishalnayak) on keybase.
  • I have a public key ASBhlVW1V3XXXHQ0W6eDIXTT2rbyfO0lmviXfCteSd_VNQo

To claim this, I am signing this object:

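#!/bin/bash
# Demo: create an exportable RSA-2048 key in Vault's transit engine, write the
# key pair to PEM files in the current directory, and check that OpenSSL can
# parse both halves.
#
# private.pem holds the unencrypted private key. exportable=true is what lets
# the key leave Vault at all, so reserve it for keys that are meant to be
# extracted.
#
# pipefail: without it a failed `vault read` still leaves jq's output in the
# .pem file and the script carries on.
set -euxo pipefail

vault mount transit
vault write transit/keys/rsa type=rsa-2048 exportable=true

# Create private.pem owner-only from the moment it exists. The stale file is
# removed first because a umask only applies when a file is created, and the
# subshell keeps the umask change away from public.pem.
(
  umask 077
  rm -f -- private.pem
  vault read -format json transit/export/encryption-key/rsa \
    | jq -r '.data.keys["1"]' > private.pem
)
vault read -format json transit/keys/rsa \
  | jq -r '.data.keys["1"].public_key' > public.pem

# Verify parsing of public key
openssl rsa -inform PEM -pubin -in public.pem -text
# Verify parsing of private key
openssl rsa -in private.pem -pubout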
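#!/bin/bash
# Demo: enable the Okta auth method, point it at an Okta org, map a group and
# a user to policies, then log in as that user.
#
# Requires OKTA_API_TOKEN in the environment. The token is no longer written
# into the script, and it is handed to Vault on stdin (api_token=-) so it
# does not appear in the process list or in the xtrace output.
set -e

# Checked before xtrace is switched on: under `set -x` even this test would
# print the token value.
if [[ -z "${OKTA_API_TOKEN:-}" ]]; then
  echo "OKTA_API_TOKEN must be set" >&2
  exit 1
fi
set -x

vault auth-enable okta

# Tracing is paused for the one command that carries the token.
{ set +x; } 2>/dev/null
printf '%s' "$OKTA_API_TOKEN" \
  | vault write auth/okta/config org_name=dev-511503-admin api_token=- base_url=oktapreview.com
set -x

vault write auth/okta/groups/testgroup policies=default
vault write auth/okta/users/vishalnayakv@gmail.com groups=testgroup policies=testpolicy
vault auth -method=okta username=vishalnayakv@gmail.com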
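#!/bin/bash
# Demo: enable AppRole, create role1, fetch its role_id and a fresh secret_id,
# and log in with the pair.
#
# -a (allexport) is dropped so the secret_id is not exported into the
# environment of every child process. pipefail makes a failed `vault` call
# abort the script instead of leaving jq's "null" in the variable.
#
# NOTE: xtrace (-x) prints the secret_id, and the login passes it on the
# command line. Acceptable for a throwaway dev server only.
set -euxo pipefail

vault auth enable approle
vault write auth/approle/role/role1 bind_secret_id=true period=60

secretID=$(vault write -format json -f auth/approle/role/role1/secret-id \
  | jq -r '.data.secret_id')
roleID=$(vault read -format json auth/approle/role/role1/role-id \
  | jq -r '.data.role_id')

# Quoted so an empty or unusual value cannot split into extra arguments.
vault write auth/approle/login role_id="$roleID" secret_id="$secretID"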
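#!/bin/bash
# Demo: create two external identity groups, enable the LDAP auth method, and
# alias each group to the LDAP group of the same name through the LDAP mount's
# accessor.
#
# pipefail plus `curl --fail` stop the script when a lookup fails; otherwise
# jq's "null" would be passed on as a group ID or mount accessor.
#
# NOTE: the curl call sends the literal token "root" over plain HTTP to
# localhost. That matches a local dev-mode server and nothing else.
set -euxo pipefail

italiansGroupID=$(vault write -format=json identity/group name=ldap_Italians type=external \
  | jq -r '.data.id')
scientistsGroupID=$(vault write -format=json identity/group name=ldap_Scientists type=external \
  | jq -r '.data.id')

vault auth-enable ldap

# The accessor identifies the LDAP mount; a group alias is bound to it.
accessor=$(curl --fail -H "X-vault-token:root" http://localhost:8200/v1/sys/auth \
  | jq -r '.data."ldap/".accessor')

# Expansions are quoted so each value stays a single argument.
italiansGroupAliasID=$(vault write -format=json identity/group-alias \
  canonical_id="$italiansGroupID" mount_accessor="$accessor" name=Italians \
  | jq -r '.data.id')
scientistsGroupAliasID=$(vault write -format=json identity/group-alias \
  canonical_id="$scientistsGroupID" mount_accessor="$accessor" name=Scientists \
  | jq -r '.data.id')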
#!/bin/bash
set -aex
cat > ldapConfig -<<EOF
{
"url": "ldap://ldap.forumsys.com",
"userattr": "uid",
"userdn": "dc=example,dc=com",
"groupdn": "dc=example,dc=com",
"binddn": "cn=read-only-admin,dc=example,dc=com"
}
#!/bin/bash
#set -ae
set -x
# Write four secrets to the KV store: secret/path<N> gets key<N>=secret<N>.
# errexit is not enabled, so a failed write does not stop the remaining ones.
# The values are passed on the command line, so they are visible in the
# xtrace output and the process list; fine for placeholder data only.
for n in 1 2 3 4; do
  vault write "secret/path${n}" "key${n}=secret${n}"
done
vishalnayak / pki.sh
Last active November 28, 2021 16:26
#!/bin/bash
# Demo: mount the PKI secrets engine, generate a self-signed root CA inside
# Vault, define an issuing role, and issue one leaf certificate.
set -o allexport -o errexit -o xtrace

vault secrets enable pki

# Raise the mount's lease ceiling to 87600h so the root below can use that TTL.
vault secrets tune -max-lease-ttl=87600h pki

# "internal": the root's private key is generated in Vault and not returned.
vault write pki/root/generate/internal \
  common_name=myvault.com \
  ttl=87600h \
  ip_sans=127.0.0.1

# Role for myvault.com and its subdomains; certificates live at most 72h.
# require_cn=false lets a request omit the common name.
vault write pki/roles/myvault-dot-com \
  require_cn=false \
  allowed_domains=myvault.com \
  allow_subdomains=true \
  max_ttl=72h \
  generate_lease=true

# The response to this call carries the leaf's private key and is printed to
# stdout, so treat captured output of this script as sensitive.
vault write pki/issue/myvault-dot-com \
  format=pem \
  ip_sans=127.0.0.1
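#!/bin/bash
# Demo: initialise Vault with a single unseal key share and save the unseal
# key and root token to files in the current directory.
#
# Everything handled here is a secret, so:
#   - xtrace (-x) is not enabled: it would print the init response, the
#     unseal key and the root token to stderr;
#   - allexport (-a) is not enabled: it would export those values into the
#     environment of every child process;
#   - files are created under umask 077 and then chmod'ed to 600, which also
#     covers files that already existed with wider permissions.
#
# NOTE: -key-shares 1 -key-threshold 1 means one key alone unseals Vault.
# Keeping that key next to the root token is suitable for a dev setup only.
set -euo pipefail
umask 077

initResult=$(vault operator init -format json -key-shares 1 -key-threshold 1)

# Quoted here-strings hand the JSON to jq unchanged; the unquoted `echo` form
# was subject to word splitting and globbing.
unsealKey=$(jq -r '.unseal_keys_b64[0]' <<<"$initResult")
rootToken=$(jq -r '.root_token' <<<"$initResult")

# Store the unseal key and the root token for future use (no trailing newline).
printf '%s' "$unsealKey" > unsealKey
printf '%s' "$rootToken" > rootToken
chmod 600 unsealKey rootToken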
#!/bin/bash
# Demo: enable the userpass auth method, create user "vishal" with the default
# policy, read the user entry back, and log in as that user.
#
# The password here is a placeholder typed on the command line: it is visible
# in the xtrace output, the process list and shell history. Fine for a local
# dev server only.
set -o allexport -o errexit -o xtrace

vault auth enable userpass

vault write auth/userpass/users/vishal \
  password=nayak \
  policies=default

vault read auth/userpass/users/vishal

vault login -method=userpass \
  username=vishal \
  password=nayak