security
-
Vault Patch Method
With the release of HashiCorp Vault 1.9.0, managing secrets has become even more streamlined. One of the standout features is the ability to update only the specified fields of a KV secret (vault kv patch), giving users precise control over their credentials within Vault. Imagine this: you want to update a particular field (secret) at a Vault path without touching the others. Here, I shared a… Continue reading
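An added example (Python, not the post's own code) of what the patch method amounts to on the wire: it builds the request that vault kv patch secret/<path> field=value sends, and applies the same merge-patch rule locally so the difference from vault kv put is visible. The mount name "secret", the hostname, token and field names are assumptions. The token's policy must grant the patch capability on the data path; the CLI's -method=rw fallback reads the whole secret and rewrites it instead, which needs read and update and is not atomic.

```python
"""Vault KV v2 patch vs. put, shown offline.

Added example, not the post's own code. Assumed: the KV v2 engine is mounted
at "secret"; address and token are passed in by the caller.
"""
import json
import urllib.request
from typing import Any, Dict, Optional

MOUNT = "secret"  # assumed mount path of the KV v2 engine


def patch_request(addr: str, token: str, path: str, fields: Dict[str, Any],
                  cas: Optional[int] = None) -> urllib.request.Request:
    """Build the request `vault kv patch secret/<path> k=v` sends:
    PATCH /v1/<mount>/data/<path> with a JSON merge patch body.
    `cas` pins the version being patched so a concurrent writer's change is
    not silently clobbered (Vault rejects the patch if the version moved)."""
    body: Dict[str, Any] = {"data": fields}
    if cas is not None:
        body["options"] = {"cas": cas}
    req = urllib.request.Request(
        f"{addr.rstrip('/')}/v1/{MOUNT}/data/{path.strip('/')}",
        data=json.dumps(body).encode(),
        method="PATCH",
    )
    req.add_header("X-Vault-Token", token)
    # Vault only accepts KV v2 patches with this media type.
    req.add_header("Content-Type", "application/merge-patch+json")
    return req


def request_body(req: urllib.request.Request) -> Dict[str, Any]:
    """Decode a built request's JSON body (for dry runs and checks)."""
    return json.loads(req.data)


def apply_merge_patch(current: Dict[str, Any], patch: Dict[str, Any]) -> Dict[str, Any]:
    """What the server does with the patch (RFC 7396 merge-patch rule): keys
    named in the patch are set, a null value deletes the key, unnamed keys are
    kept. Compare `vault kv put`, which writes a new version containing only
    the fields you pass and drops every other field."""
    merged = dict(current)
    for key, value in patch.items():
        if value is None:
            merged.pop(key, None)
        else:
            merged[key] = value
    return merged


def send(req: urllib.request.Request) -> Dict[str, Any]:
    """Send a built request to a live Vault; not exercised offline."""
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)
```

Use send(patch_request(VAULT_ADDR, VAULT_TOKEN, "db/prod", {"password": "..."}, cas=3)) against a real Vault; the cas value is the current_version from the secret's metadata.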
-
check-certificate.sh
check-certificate.sh is a shell script that notifies a group of people over Slack before TLS certificates expire. The script can check certificates from two kinds of source: tls:// (a live endpoint) and vault:// (a certificate stored in Vault). VAULT_ADDR, VAULT_TOKEN and SLACK_WEBHOOK must be set before execution.
check.txt
You can find check-certificate.sh in my GH repo. Continue reading
-
walk.sh(HC Vault)
The walk.sh script prints all secrets inside a KV secret engine. You can extend it to search for specific content, for example checking the expiry date of TLS certificates stored in your Vault before they expire. You can find walk.sh, and a how-to, in my GH repo. Continue reading
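The two scripts above (walk.sh and check-certificate.sh) combine naturally, so here is one added example in Python that is not the repo's code: it walks a KV v2 engine the way a recursive LIST does, computes the days left on every certificate it finds, and builds the Slack webhook payload. Assumptions: the engine is mounted at "secret"; certificate secrets carry a "notAfter" field in the text form OpenSSL and ssl.getpeercert() use; the tree, the secret data and the fixed clock are constructed for the demo. The live lister/reader pair talks to VAULT_ADDR with VAULT_TOKEN and is not exercised offline.

```python
"""Walk a KV v2 engine and flag TLS certificates that are about to expire.

Added example; not walk.sh or check-certificate.sh from the repo. Assumed:
KV v2 mounted at "secret"; certificate secrets carry a "notAfter" field in
the text form OpenSSL and ssl.getpeercert() use ("Jan  1 00:00:00 2030 GMT");
Slack is notified through an incoming webhook. The tree below is constructed.
"""
import json
import ssl
import time
import urllib.request
from typing import Callable, Dict, Iterator, List, Optional, Tuple

MOUNT = "secret"

Lister = Callable[[str], List[str]]
Reader = Callable[[str], Dict[str, str]]

# Constructed stand-in for LIST/GET against a real Vault. A key that ends in
# "/" is a sub-path, which is exactly how LIST .../metadata/<path> reports it.
FAKE_TREE: Dict[str, List[str]] = {
    "": ["certs/", "db"],
    "certs/": ["web/", "vpn"],
    "certs/web/": ["example.com"],
}
FAKE_DATA: Dict[str, Dict[str, str]] = {
    "db": {"password": "not-a-cert"},
    "certs/vpn": {"notAfter": "Jan  1 00:00:00 2030 GMT"},
    "certs/web/example.com": {"notAfter": "Jan  1 00:00:00 2020 GMT"},
}
DEMO_NOW = ssl.cert_time_to_seconds("Jan  1 00:00:00 2025 GMT")  # fixed clock for the demo


def fake_list(path: str) -> List[str]:
    return FAKE_TREE.get(path, [])


def fake_read(path: str) -> Dict[str, str]:
    return FAKE_DATA[path]


def vault_client(addr: str, token: str) -> Tuple[Lister, Reader]:
    """Real lister/reader for a live Vault (not exercised offline):
    LIST /v1/<mount>/metadata/<path> and GET /v1/<mount>/data/<path>."""
    def call(method: str, url: str) -> dict:
        req = urllib.request.Request(url, method=method)
        req.add_header("X-Vault-Token", token)
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)

    base = addr.rstrip("/") + "/v1/" + MOUNT
    return (lambda p: call("LIST", f"{base}/metadata/{p}")["data"]["keys"],
            lambda p: call("GET", f"{base}/data/{p}")["data"]["data"])


def walk(lister: Lister, path: str = "") -> Iterator[str]:
    """Depth-first walk; yields the full path of every leaf secret."""
    for key in lister(path):
        if key.endswith("/"):
            yield from walk(lister, path + key)
        else:
            yield path + key


def days_left(not_after: str, now: Optional[float] = None) -> float:
    """Days until notAfter; negative once the certificate has expired."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(not_after) - now) / 86400.0


def expiring(lister: Lister, reader: Reader, threshold_days: float,
             now: Optional[float] = None) -> List[Tuple[str, float]]:
    """[(path, days_left)] for every certificate at or under the threshold."""
    hits = []
    for path in walk(lister):
        data = reader(path)
        if "notAfter" not in data:
            continue  # not a certificate secret
        remaining = days_left(data["notAfter"], now)
        if remaining <= threshold_days:
            hits.append((path, round(remaining, 1)))
    return hits


def slack_payload(hits: List[Tuple[str, float]]) -> Dict[str, str]:
    """Body for POST $SLACK_WEBHOOK; one line per certificate."""
    lines = [f"{path}: expired {abs(d):.0f} days ago" if d < 0
             else f"{path}: expires in {d:.0f} days" for path, d in hits]
    return {"text": "TLS certificates needing attention:\n" + "\n".join(lines)}
```

Against a real Vault: lister, reader = vault_client(VAULT_ADDR, VAULT_TOKEN), then POST json.dumps(slack_payload(expiring(lister, reader, 30))) to the webhook. The token only needs list on secret/metadata/* and read on secret/data/*; do not run this with a root token.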
-
Issuing Certificate with cert-manager
cert-manager is an X.509 certificate controller for Kubernetes that lets you issue certificates from a variety of certificate issuers and renews them automatically before they expire in your containerized environment. You can find more info about installing cert-manager. Configuration: once cert-manager is installed, the first thing to configure is an Issuer or ClusterIssuer. These two resources represent a Certificate Authority able to sign certificates in… Continue reading
-
HashiCorp Vault Disk Inode Is Full
Recently, I had a very interesting issue with Vault: it stopped functioning two hours after integration with Redfish bare-metal host monitoring, which uses AppRole to get iLO users and credentials. Vault audit logs showed that the AppRole for Redfish monitoring was making heavy requests within a second. That might still be normal for around 80 physical servers polling, but something… Continue reading
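Finding that kind of burst in the audit log is a small aggregation job; the example below is added here and is not the post's code or its root-cause analysis. It counts request entries per second, path and client address and reports the groups above a rate. The audit-line schema is simplified and assumed (a file audit device writes one JSON object per line; only "time", "type" and request.path / request.remote_address are used), and the lines are constructed to mimic a poller that logs in on every poll. One general point worth keeping in mind: every successful AppRole login mints a new token that Vault has to persist until it expires or is revoked, so a client that logs in per request instead of reusing its token is also a storage problem, not just a rate problem.

```python
"""Find clients hammering Vault from audit-log lines.

Added example, not from the post. The audit line schema is simplified and
assumed: one JSON object per line with "time", "type" and "request".path /
.remote_address. The lines below are constructed.
"""
import json
from collections import Counter
from typing import Dict, Iterable, List, Tuple

SAMPLE_AUDIT = """\
{"time":"2021-11-02T10:15:30.101Z","type":"request","request":{"path":"auth/approle/login","remote_address":"10.0.0.5"}}
{"time":"2021-11-02T10:15:30.102Z","type":"response","request":{"path":"auth/approle/login","remote_address":"10.0.0.5"}}
{"time":"2021-11-02T10:15:30.240Z","type":"request","request":{"path":"auth/approle/login","remote_address":"10.0.0.5"}}
{"time":"2021-11-02T10:15:30.388Z","type":"request","request":{"path":"auth/approle/login","remote_address":"10.0.0.5"}}
{"time":"2021-11-02T10:15:30.512Z","type":"request","request":{"path":"auth/approle/login","remote_address":"10.0.0.5"}}
{"time":"2021-11-02T10:15:30.650Z","type":"request","request":{"path":"auth/approle/login","remote_address":"10.0.0.5"}}
{"time":"2021-11-02T10:15:30.700Z","type":"request","request":{"path":"secret/data/ilo/host07","remote_address":"10.0.0.5"}}
{"time":"2021-11-02T10:15:31.003Z","type":"request","request":{"path":"auth/approle/login","remote_address":"10.0.0.9"}}
"""

Key = Tuple[str, str, str]  # (second, path, remote_address)


def requests_per_second(lines: Iterable[str]) -> Dict[Key, int]:
    """Count request entries per (second, path, client). Response entries are
    skipped so each call is counted once."""
    counts: Counter = Counter()
    for line in lines:
        if not line.strip():
            continue
        entry = json.loads(line)
        if entry.get("type") != "request":
            continue
        second = entry["time"][:19]  # "YYYY-MM-DDTHH:MM:SS"; fraction and zone dropped
        req = entry["request"]
        counts[(second, req["path"], req.get("remote_address", "?"))] += 1
    return dict(counts)


def bursts(lines: Iterable[str], per_second: int) -> List[Tuple[str, str, str, int]]:
    """(second, path, client, count) for every group at or above the rate."""
    return sorted(key + (n,) for key, n in requests_per_second(lines).items()
                  if n >= per_second)
```

Run it over the real file with bursts(open("/var/log/vault/audit.log"), 5); a client that shows up on auth/approle/login every second should be reusing its token (and renewing it) rather than logging in on each poll.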
-
Satellite Compute Resource Provider Password Update
Sometimes you may have an environment with strict requirements where even technical accounts have to be rotated regularly by a privileged account manager (CyberArk etc.). That means any technical account used by a service has to stay in sync with the privileged account manager. In this post it will be shown how to update the Compute Resource provider password… Continue reading
-
HashiCorp Vault LDAP Integration
In this post, HashiCorp Vault will be integrated with LDAP. It is good security practice to store all secrets in a secrets engine instead of in notepad-like programs, but it is also crucial to be able to answer "who has access to what?" So, in this post we will integrate HashiCorp Vault with the LDAP groups that we created in… Continue reading
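The "who has access to what" question is answered by two things in Vault's LDAP auth method: a config that Vault can trust (an encrypted, certificate-verified bind) and a mapping from directory groups to Vault policies. The example below is added here and is not the post's code: it lints a config for the weak settings that commonly slip through (cleartext ldap://, insecure_tls, deny_null_bind=false, anonymous search) beside a hardened one, and emits the auth/ldap/groups/<group> writes for a group-to-policy map. The keys are the parameters vault write auth/ldap/config accepts; the directory names, the configs and the group map are constructed.

```python
"""Lint a Vault LDAP auth config for weak settings, and map groups to policies.

Added example, not the post's code. Keys are the parameters `vault write
auth/ldap/config` accepts; both configs and the group map are constructed.
"""
from typing import Dict, List, Tuple

WEAK_CONFIG: Dict[str, object] = {
    "url": "ldap://ldap.example.com",          # cleartext, no STARTTLS
    "insecure_tls": True,                       # would skip server cert checks
    "userdn": "ou=People,dc=example,dc=com",
    "userattr": "uid",
    "groupdn": "ou=Groups,dc=example,dc=com",
    "groupattr": "cn",
    "groupfilter": "(&(objectClass=groupOfNames)(member={{.UserDN}}))",
    "deny_null_bind": False,                    # empty password could "authenticate"
}

HARDENED_CONFIG: Dict[str, object] = {
    "url": "ldaps://ldap.example.com:636",
    "insecure_tls": False,
    # PEM of the CA that issued the LDAP server certificate (placeholder here)
    "certificate": "-----BEGIN CERTIFICATE-----\nMIIB...placeholder...\n-----END CERTIFICATE-----",
    "binddn": "cn=vault-bind,ou=Services,dc=example,dc=com",
    "bindpass": "<read-only bind password, supplied at write time>",
    "userdn": "ou=People,dc=example,dc=com",
    "userattr": "uid",
    "groupdn": "ou=Groups,dc=example,dc=com",
    "groupattr": "cn",
    "groupfilter": "(&(objectClass=groupOfNames)(member={{.UserDN}}))",
    "deny_null_bind": True,
}


def lint_ldap_config(cfg: Dict[str, object]) -> List[str]:
    """Return one finding per weak setting; empty list means nothing flagged."""
    findings = []
    url = str(cfg.get("url", ""))
    encrypted = url.startswith("ldaps://") or bool(cfg.get("starttls"))
    if not encrypted:
        findings.append("cleartext: url is ldap:// without starttls=true; "
                        "user passwords cross the wire unencrypted")
    if cfg.get("insecure_tls"):
        findings.append("insecure_tls=true: the LDAP server certificate is not "
                        "verified, so a man-in-the-middle can harvest credentials")
    if encrypted and not cfg.get("certificate"):
        findings.append("no certificate=: pin the CA that issued the LDAP server "
                        "certificate instead of relying on the host trust store")
    if cfg.get("deny_null_bind", True) is False:
        findings.append("deny_null_bind=false: directories treat an empty password as "
                        "an anonymous bind, which Vault would then accept as a login")
    if not cfg.get("binddn"):
        findings.append("no binddn: Vault searches the directory anonymously; "
                        "use a dedicated read-only bind account")
    return findings


def group_policy_writes(mapping: Dict[str, List[str]]) -> List[Tuple[str, Dict[str, str]]]:
    """(path, data) pairs for `vault write auth/ldap/groups/<group> policies=...`.
    The group name must match the directory attribute named in groupattr (cn here)."""
    return [(f"auth/ldap/groups/{group}", {"policies": ",".join(policies)})
            for group, policies in sorted(mapping.items())]
```

Run lint_ldap_config on the dict you are about to write before vault write auth/ldap/config, and keep the group map in version control so the "who has access to what" answer is reviewable.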
-
OpenLDAP Server Installation, Configuration and Hardening
This is one of the longest posts; it covers installation, configuration and hardening of an OpenLDAP server. I had limited knowledge of LDAP directories and management of LDAP servers. Other than that, there is little information on the Internet that I could use for real-world examples. I will not delineate LDAP directories; instead… Continue reading
-
SOCKS
SOCKS (from "SOCKetS"; "Socket Secure" is a later backronym) is a proxy protocol that relays connections between a client and a server through a proxy. It is usually placed at the session layer of the OSI model. Because the destination only ever sees the proxy's address, it hides the client's IP from the destination; it does not by itself encrypt the traffic or make the user anonymous. More than that, it gives you access to many applications through a single connection to one port (as with an SSH dynamic forward). In this post, I will implement fundamental… Continue reading
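The exchange itself is short enough to show in full. The example below is added here and is not the post's code: it implements the client side of SOCKS5 (RFC 1928) as pure byte builders and parsers, with a socks_connect() that runs the exchange over a real socket. Hostnames are sent as ATYP 0x03 so the proxy does the resolution, which avoids leaking the destination name to the local resolver. The reply bytes checked below are constructed; proxy addresses and hostnames are placeholders.

```python
"""SOCKS5 (RFC 1928) client side: greeting, method selection, CONNECT, reply.

Added example, not the post's code. Builds each client message and parses each
proxy reply; socks_connect() does the exchange over a real socket.
"""
import socket
import struct
from typing import Tuple

VER = 0x05
NO_AUTH, USER_PASS, NO_ACCEPTABLE = 0x00, 0x02, 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REPLY_TEXT = {
    0: "succeeded", 1: "general SOCKS server failure", 2: "connection not allowed by ruleset",
    3: "network unreachable", 4: "host unreachable", 5: "connection refused",
    6: "TTL expired", 7: "command not supported", 8: "address type not supported",
}


def greeting(methods: Tuple[int, ...] = (NO_AUTH,)) -> bytes:
    """Client -> proxy: VER, NMETHODS, METHODS."""
    return bytes([VER, len(methods), *methods])


def parse_method_selection(data: bytes) -> int:
    """Proxy -> client: VER, METHOD. 0xFF means none of ours was acceptable."""
    if len(data) != 2 or data[0] != VER:
        raise ValueError("not a SOCKS5 method selection")
    if data[1] == NO_ACCEPTABLE:
        raise ConnectionError("proxy accepts none of the offered auth methods")
    return data[1]


def connect_request(host: str, port: int) -> bytes:
    """Client -> proxy: VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT.
    A hostname goes out as ATYP 0x03 so the proxy resolves it; resolving it
    locally first would leak the destination name to the local resolver."""
    try:
        addr = bytes([ATYP_IPV4]) + socket.inet_aton(host)
    except OSError:
        try:
            addr = bytes([ATYP_IPV6]) + socket.inet_pton(socket.AF_INET6, host)
        except OSError:
            name = host.encode("idna")
            if len(name) > 255:
                raise ValueError("hostname too long for SOCKS5")
            addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0x00]) + addr + struct.pack(">H", port)


def reply_status(data: bytes) -> str:
    """Human-readable REP field of a proxy reply."""
    if len(data) < 2 or data[0] != VER:
        return "not a SOCKS5 reply"
    return REPLY_TEXT.get(data[1], f"unknown reply code {data[1]}")


def parse_reply(data: bytes) -> Tuple[str, int]:
    """Proxy -> client: VER, REP, RSV, ATYP, BND.ADDR, BND.PORT. Returns the
    bound address; raises ConnectionError for any REP other than success."""
    if len(data) < 4 or data[0] != VER:
        raise ValueError("not a SOCKS5 reply")
    if data[1] != 0:
        raise ConnectionError(reply_status(data))
    atyp = data[3]
    if atyp == ATYP_IPV4:
        bound, off = socket.inet_ntoa(data[4:8]), 8
    elif atyp == ATYP_DOMAIN:
        n = data[4]
        bound, off = data[5:5 + n].decode("idna"), 5 + n
    elif atyp == ATYP_IPV6:
        bound, off = socket.inet_ntop(socket.AF_INET6, data[4:20]), 20
    else:
        raise ValueError(f"unknown address type {atyp}")
    return bound, struct.unpack(">H", data[off:off + 2])[0]


def socks_connect(proxy: Tuple[str, int], host: str, port: int) -> socket.socket:
    """Open a TCP connection to host:port through a no-auth SOCKS5 proxy."""
    s = socket.create_connection(proxy)
    s.sendall(greeting())
    parse_method_selection(s.recv(2))
    s.sendall(connect_request(host, port))
    parse_reply(s.recv(262))  # longest reply: 4 + 1 + 255 + 2 bytes
    return s
```

socks_connect(("127.0.0.1", 1080), "example.com", 443) returns a plain TCP socket to the destination; wrap it with ssl.SSLContext.wrap_socket(server_hostname=...) afterwards, since the proxy itself adds no confidentiality.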
-
SSL Validation and Troubleshooting
There may be times when we have a problem with an SSL/TLS certificate because of issues such as a missing intermediate certificate, a self-signed certificate, and so on. It can be exhausting to figure out what exactly the problem is. Even though web browsers give some details about the problem, that is sometimes not enough to solve it.… Continue reading
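The fastest way to tell those cases apart is the chain listing from openssl s_client -connect host:443 -servername host -showcerts. The example below is added here and is not the post's code: it parses that listing (the "s:" / "i:" lines OpenSSL 1.1.1 and later print) and checks that each certificate is issued by the next one and that the chain ends at something the client trusts, reporting self-signed leaf, chain break, missing intermediate and untrusted root as separate findings. Trust anchors are matched by subject text, which is enough for a diagnosis; real verifiers match by key identifier and signature. The three listings and the anchor are constructed.

```python
"""Diagnose a server's certificate chain from `openssl s_client` output.

Added example, not the post's code. Parses the "Certificate chain" block that
`openssl s_client -connect host:443 -servername host` prints and explains why
verification would fail. The three outputs below are constructed.
"""
import re
from typing import List, Set, Tuple

ENTRY = re.compile(r"^\s*(\d+)\s+s:(.*)$")   # " 0 s:CN = ..."
ISSUER = re.compile(r"^\s*i:(.*)$")           # "   i:CN = ..."

COMPLETE = """\
Certificate chain
 0 s:CN = www.example.com
   i:C = XX, O = Example CA, CN = Example Intermediate CA
 1 s:C = XX, O = Example CA, CN = Example Intermediate CA
   i:C = XX, O = Example CA, CN = Example Root CA
---
"""
MISSING_INTERMEDIATE = """\
Certificate chain
 0 s:CN = www.example.com
   i:C = XX, O = Example CA, CN = Example Intermediate CA
---
"""
SELF_SIGNED = """\
Certificate chain
 0 s:CN = www.example.com
   i:CN = www.example.com
---
"""
TRUST_ANCHORS: Set[str] = {"C = XX, O = Example CA, CN = Example Root CA"}  # what the client trusts


def parse_chain(output: str) -> List[Tuple[str, str]]:
    """[(subject, issuer)] in the order the server sent them, leaf first."""
    chain: List[Tuple[str, str]] = []
    subject = None
    for line in output.splitlines():
        m = ENTRY.match(line)
        if m:
            subject = m.group(2).strip()
            continue
        m = ISSUER.match(line)
        if m and subject is not None:
            chain.append((subject, m.group(1).strip()))
            subject = None
    return chain


def diagnose(chain: List[Tuple[str, str]], trust_anchors: Set[str]) -> List[str]:
    """Findings, each prefixed with a short code; empty means the chain is fine."""
    if not chain:
        return ["no-chain: no certificates in the output (handshake failed before "
                "certificates were sent?)"]
    findings = []
    leaf_subject, leaf_issuer = chain[0]
    if leaf_subject == leaf_issuer:
        return [f"self-signed: the leaf '{leaf_subject}' signs itself; clients must "
                "trust it explicitly or it must be issued by a CA"]
    for n, ((_, issuer), (next_subject, _)) in enumerate(zip(chain, chain[1:])):
        if issuer != next_subject:
            findings.append(f"chain-break: cert {n} is issued by '{issuer}' but "
                            f"cert {n + 1} is '{next_subject}' (wrong order or wrong file)")
    last_subject, last_issuer = chain[-1]
    if last_subject == last_issuer:
        if last_subject not in trust_anchors:
            findings.append(f"untrusted-root: chain ends at self-signed '{last_subject}', "
                            "which is not in the trust store")
    elif last_issuer not in trust_anchors:
        findings.append(f"incomplete-chain: last cert is issued by '{last_issuer}', which "
                        "the client does not have; the server must send the missing intermediate")
    return findings
```

Feed it real output with diagnose(parse_chain(open("s_client.txt").read()), anchors); browsers often hide the incomplete-chain case because they fetch intermediates via AIA, while curl, Java and most libraries do not, which is why "works in Chrome, fails in the script" is so often a missing intermediate.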