@kawsark
kawsark / vault-jenkins-approle.md
Last active September 24, 2024 13:49
Example Jenkins integration for Vault using AppRole and curl

Example Jenkins integration for Vault

This snippet provides an example Jenkinsfile that performs AppRole authentication using the curl utility. The objective is to allow Jenkins to authenticate to Vault, then use a temporary token to retrieve a secret. It does not rely on a plugin and therefore offers more flexibility.

AppRole authentication relies on a ROLE_ID and SECRET_ID to log in and retrieve a Vault token. There are two ways to provide the SECRET_ID to Jenkins. Both of these are expanded upon below.

  1. Pre-created SECRET_ID as a Jenkins secret. An out-of-band workflow will need to refresh the SECRET_ID periodically so Jenkins continues to perform AppRole logins successfully.
  2. Alternative AppRole design: Give Jenkins the ability to refresh the SECRET_ID by itself.

1. Pre-created Secret ID

@stenio123
stenio123 / README.md
Created August 14, 2019 15:05
Vault Kubernetes Webhook Instructions

Vault Kubernetes Mutating Hook

This is an example showing how to use mutating admission hooks in Kubernetes to automate the addition of init and sidecar containers to pods. This allows a single annotation in the deployment to automate retrieval of secrets from Vault.

Environment

Vault

  1. Download Vault
  2. Execute
vault server -dev -dev-root-token-id=root
Questions are not from any actual exam!!!
Q: Create a job that calculates pi to 2000 decimal points using the container with the image named perl
and the following commands issued to the container: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
Once the job has completed, check the logs and export the result to pi-result.txt.
Solution:
@reachlin
reachlin / prometheus.yml
Created April 19, 2017 07:06
sample prometheus configuration explained
// For all the confusing Prometheus configuration and
// regular expressions,
// explained in examples.
// Remember, there are default values for each item if it's missing.
// regex is (.*),
// replacement is $1,
// separator is ;
// and action is replace
@cmavr8
cmavr8 / secure-ssh.yml
Last active January 4, 2024 19:52
Secure SSH configuration ansible playbook. Last updated years ago, NOT recommended for use. There are better ways to do this today.
---
# SSH server settings, in line with https://stribika.github.io/2015/01/04/secure-secure-shell.html
# Before using, change myhosts to your hosts' nickname and myuser to your username (two instances! make sure you replace both or you'll be locked out of ssh!)
- hosts: myhosts
  become: true
  remote_user: myuser
  tasks:
    # Key exchange, ciphers and MACs
    - lineinfile: dest=/etc/ssh/sshd_config regexp='^KexAlgorithms' line='KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256'
@Daenyth
Daenyth / debug_requests.py
Created August 27, 2015 14:35
Enable debug logging for python requests
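import logging
import http.client  # Python 3 name for Python 2's httplib

import requests

# Debug logging: prints request/response headers (including Authorization and
# cookie values) to stdout, so enable it only while troubleshooting
http.client.HTTPConnection.debuglevel = 1
logging.basicConfig()
logging.getLogger().setLevel(logging.DEBUG)
# urllib3 logs under 'urllib3' in current requests releases
# (older releases vendored it as 'requests.packages.urllib3')
req_log = logging.getLogger('urllib3')
req_log.setLevel(logging.DEBUG)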