Eric Reeves ericreeves
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param( | |
| [Parameter(Position = 0, Mandatory = $false)] | |
| [string]$Action, | |
| [Parameter(Position = 1, ValueFromRemainingArguments = $true)] | |
| [string[]]$args | |
| ) | |
| # Ensure 'wpmctl' is executable within the current context and path | |
| try { |
ericreeves
/ vault-find-secret.sh
Last active
March 20, 2025 20:57
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Search HashiCorp Vault for a Secret Value, Traversing all Nested namespaces | |
| # | |
| ########################################################################## | |
| # DISCLAIMER: THIS SCRIPT IS PROVIDED STRICTLY AS A PROOF OF CONCEPT. | |
| # EXECUTING THIS SCRIPT ASSUMES ALL LIABILITY. | |
| ########################################################################## | |
| # |
ericreeves
/ gist:6df2442faf08a0d822425c7c30dfad69
Created
January 25, 2024 18:40
ubuntu_base.pkr.hck
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| packer { | |
| required_plugins { | |
| amazon = { | |
| version = ">= 1.0.1" | |
| source = "github.com/hashicorp/amazon" | |
| } | |
| } | |
| } | |
| data "amazon-ami" "ubuntu-server-east" { |
ericreeves
/ archivist_renamer.py
Created
January 23, 2024 00:26
Script to Rename TubeArchivist Downloads Using the TubeArchivist API
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import requests | |
| import sys | |
| from datetime import datetime | |
| # Configurable variables | |
| archivist_api_token = os.getenv('ARCHIVIST_API_TOKEN') | |
| archivist_host = os.getenv('ARCHIVIST_HOST') | |
| # Function to sanitize file name |
ericreeves
/ namespace-bound-service-account-audit.sh
Last active
January 2, 2024 22:02
Audit HashiCorp Vault for Unique Bound Service Account Names in Each Namespace
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Ensure VAULT_ADDR and VAULT_TOKEN are exported. | |
| # Ensure VAULT_NAMESPACE is unset | |
| # Function to list namespaces recursively | |
| function list_namespaces { | |
| entry_point=$(echo ${1} | sed 's/\/$//') | |
| echo "${entry_point}/" | |
| ## first, check if root ns, and if so collect children slightly differently due to path specification |
ericreeves
/ tfe_list_all_workspaces.sh
Last active
August 21, 2023 20:43
Terraform Enterprise/Cloud - List All Workspaces
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Terraform Enterprise/Cloud - List All Workspaces in All Organizations | |
| # | |
| #------------------------------------------ | |
| # DESCRIPTION | |
| #------------------------------------------ | |
| # This script will list all workspaces in all organizations visible to the user for which the TFE_TOKEN was generated | |
| # | |
| #------------------------------------------ |
ericreeves
/ vault_recursive_namespace_list.sh
Created
May 17, 2023 00:50
Bash Script to List Vault Namespaces Recursively
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # First passing argument is the depth | |
| # The second passing argument is the starting namespace | |
| # Example usage to list namespaces 10 levels deep from the "root" namespace: | |
| # ./vault_recursive_namespace_list.sh 10 | |
| # Example usage to list namespaces 5 levels deep from the "customer1" namespace. | |
| # ./vault_recursive_namespace_list.sh 5 customer1 |
ericreeves
/ denied-resources.sentinel
Created
May 11, 2023 18:33
Sentinel Policy to Deny Deployment of Specific Resource Types
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This policy uses the tfconfig/v2 import to deny resources | |
| # from an denied list | |
| # Import common-functions/tfconfig-functions/tfconfig-functions.sentinel | |
| # with alias "config" | |
| import "tfconfig-functions" as config | |
| # List of denied resources | |
| denied_list = ["aws_instance", "azurerm_virtualmachine", "google_compute_instance"] |
ericreeves
/ tfx-remote-state-sharing.sh
Last active
May 11, 2023 18:22
Quick Bash Script Wrapper for TFX to List All Remote Source Sharing for All Workspaces in an Organization
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Quick and dirty script that wraps around the TFX CLI tool to list all Workspaces within an Orgainzation, and then list all remote state | |
| # sharing for each Workspace. | |
| # | |
| # Acquire tfx here: https://tfx.rocks/ | |
| # TFX can be configured using environment variables TFE_HOSTNAME, TFE_ORGANIZATION, TFE_TOKEN | |
| # | |
| export TFE_HOSTNAME="app.terraform.io" |
ericreeves
/ test_approle_namespace.sh
Last active
February 28, 2023 14:49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #export VAULT_TOKEN="<root>" | |
| export NS="TEST-NAMESPACE" | |
| echo "--- Creating namespace" | |
| vault namespace create $NS | |
| echo "--- Enable approle auth within namespace" | |
| vault auth enable -namespace=$NS approle | |
| # create policy | |
| echo "--- Writing ns-admin policy" | |
| echo '# Read TEST-NAMESPACE Namespace |
NewerOlder