How to insert a jks file in Vault Hashicorp? - base64

I have a jks file which I need to put in Vault but before putting the jks file it should be base64 encoded and saved as json.
This is the process in short -
encoding the jks to base64 --> Storing the string in a file --> Modify to json --> Store to vault
Here is what I am doing -
#encode and store it in a file
cat my-jks-file.jks | base64 > my-jks-file.txt
#Manually convert this to a json file which looks like this -
{
"my-secret" : <base64 string>
}
#Put this inside vault
vault kv put kv/foo #converted-jks-file.json
Is there a better way to do this? I want to avoid the manual step. Thanks

After doing some research and going through the docs here - https://www.vaultproject.io/docs/commands/kv/put
I found a way to do this all in a single line
cat my-jks-file.jks | base64 | vault kv put kv/my-new-secret vault-jks=-
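A round-trip check for the one-liner above, as an added example that is not part of the original answer: it stores the keystore as unwrapped base64, reads it back with `vault kv get -field`, and compares SHA-256 digests. The path `kv/my-new-secret` and field `vault-jks` follow the answer; the function and file names are hypothetical, and a logged-in `vault` CLI plus GNU coreutils (`base64 -d`, `sha256sum`) are assumed.

```sh
#!/bin/sh
# Added example (not from the original answer): round-trip a binary keystore
# through Vault KV and prove the restored file is byte-identical.
# Assumes a logged-in vault CLI, a KV mount at kv/, and GNU coreutils.

# Emit the base64 of a file on a single line. GNU base64 wraps at 76 columns,
# and those newlines would otherwise be stored as part of the secret value.
encode_b64() {
    base64 < "$1" | tr -d '\n'
}

# store_keystore <file> <kv-path> <field>
# "field=-" makes vault read the value from stdin, so the encoded keystore
# never appears in the process arguments or in shell history.
store_keystore() {
    encode_b64 "$1" | vault kv put "$2" "$3=-"
}

# restore_keystore <kv-path> <field> <out-file>
# -field prints only the raw value; the subshell keeps the restrictive umask
# local, so the output file is created readable by its owner only.
restore_keystore() {
    (
        umask 077
        vault kv get -field="$2" "$1" | base64 -d > "$3"
    )
}

# same_digest <a> <b>: succeeds only if both files have the same SHA-256.
same_digest() {
    a=$(sha256sum < "$1" | cut -d' ' -f1)
    b=$(sha256sum < "$2" | cut -d' ' -f1)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Typical use (hypothetical file names):
#   store_keystore my-jks-file.jks kv/my-new-secret vault-jks
#   restore_keystore kv/my-new-secret vault-jks restored.jks
#   same_digest my-jks-file.jks restored.jks && echo "keystore intact"
```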

Related

Base64 input check for Yara rules

so I started using Yara rules,
I have a mysql database with files and their base64 encodes saved in a column.
Is there any way to input in Yara a base64 string without storing it in a file? if so, what is the command? If not, is there a way in Python?
This is what I tried to do:
rule string_exist{
strings:
$a = "just for use in the Virtual Mechanics tutorials. More text. And more" base64
condition:
$a
}
and then in cmd: yara64.exe -r manual_code.yar ..........long base64 string
but received an error: could not open file
Thanks in advance.

Is there a way to pass truststore.jks value in place for file location

I connect by Elasticsearch Instance through Spark code .. which requires to pass truststore file location and keystore file location, while instantiating the spark session as below.
.config("es.net.ssl.keystore.location", truststore_location)
.config("es.net.ssl.keystore.pass", truststore_password)
.config("es.net.ssl.truststore.location", truststore_location)
.config("es.net.ssl.truststore.pass", truststore_password)
I do have a file location, but the challenge here is that the value in the truststore.jks file is basically the encoded value of the original value. This was done when the ask was to copy the truststore.jks content and upload it as a secret in a Kubernetes pod.
I extracted the same by passing
cat truststore.jks | base64
Now as the file location when passed to spark session builder it gives invalid format error which is obvious. So is there any way by which I can extract the value and decode it and then pass the value ... not any location.
below is the way I loaded the volumes and volume mount for same
volumes:
  - name: elasticsearch-truststore
    secret:
      secretName: "env-elasticsearch-truststore"
      items:
        - key: truststore.jks
          path: truststore.jks
volumeMounts:
  - name: elasticsearch-truststore
    mountPath: /etc/encrypted
If anyone can suggest any other way I can approach the issue it will be great.
Thanks
There is a problem with the secret object you've created. The encoded value is only relevant when the object exists as a manifest in the etcd database of Kubernetes API server. The encoding has no effect on the actual contents of the secret.
I think what could have caused this is you encoded the contents and then created a secret of the encoded contents, which is what you're observing here.
A simple fix would be to delete the existing secret and create a new secret simply from your truststore.jks file, as follows:
kubectl create secret generic env-elasticsearch-truststore --from-file=truststore.jks=/path/to/truststore
This will create a secret named env-elasticsearch-truststore and this will contain one key truststore.jks with a value of /path/to/truststore file contents.
You can then use this secret as a file by mounting it in your pod, the specification will look like this:
...
volumes:
  - name: elasticsearch-truststore
    secret:
      secretName: env-elasticsearch-truststore
volumeMounts:
  - name: elasticsearch-truststore
    mountPath: "/etc/encrypted"
...
This will ensure that the file truststore.jks will be available at the path /etc/encrypted/truststore.jks and will contain the contents of the original truststore.jks file.
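To confirm which of the two situations a mounted file is in, the added example below (not part of the original answer) inspects the leading bytes: a real JKS file starts with the magic bytes FE ED FE ED, while a double-encoded one is base64 text that decodes to them. The function names are hypothetical, the JCEKS and DER cases go beyond the JKS file discussed here, and GNU `base64 -d` is assumed.

```sh
#!/bin/sh
# Added example (not from the original answer): tell a real keystore apart
# from one that was base64-encoded before being put into the Secret.

# Print the first four bytes of stdin as lowercase hex, e.g. "feedfeed".
magic_hex() {
    head -c 4 | od -An -tx1 | tr -d ' \n'
}

# Map a 4-byte magic (hex) to a keystore type; fail if it is not recognised.
magic_name() {
    case "$1" in
        feedfeed)    echo jks ;;     # JKS magic number
        cececece)    echo jceks ;;   # JCEKS magic number
        3082*|3080*) echo der ;;     # DER/BER SEQUENCE, as PKCS#12 files use
        *)           return 1 ;;
    esac
}

# keystore_kind <file>
# Prints "jks", "jceks" or "der" for a binary keystore, the same prefixed
# with "base64-wrapped" if the file is base64 text of one, else "unknown".
keystore_kind() {
    if kind=$(magic_name "$(magic_hex < "$1")"); then
        echo "$kind"
    elif kind=$(magic_name "$(base64 -d < "$1" 2>/dev/null | magic_hex)"); then
        echo "base64-wrapped $kind"
    else
        echo unknown
    fi
}

# Typical use inside the pod, with the mount path from the manifest above:
#   keystore_kind /etc/encrypted/truststore.jks
```

A result of `base64-wrapped jks` means the Secret was created from already-encoded content and should be recreated from the original file.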

Store RSA keys in Airflow Connectors

What is the best way to store RSA connectors in Airflow Connectors?
hook = BaseHook.get_connection("my_rsa")
key = hook.extra
I am using this way. However, the key is stored as String. What is the best way to convert this to bytes?
It sounds like you're trying to secure RSA Keys... you should use airflow's crypto module
You can encrypt your keys and keep the encrypted key in an environment variable or in your own airflow.cfg
Do note that Airflow doesn't handle key rotation by default for you.
from the docs
Install crypto package pip install apache-airflow[crypto]
Generate fernet_key, using this code snippet below. fernet_key must be a base64-encoded 32-byte key:
from cryptography.fernet import Fernet
fernet_key=Fernet.generate_key()
print(fernet_key.decode()) # your fernet_key,keep it in secured place!
Replace airflow.cfg fernet_key value with the one from above. Alternatively, you can store your fernet_key in OS environment variable - You do not need to change airflow.cfg in this case as Airflow will use environment variable over the value in airflow.cfg:
#Note the double underscores
export AIRFLOW__CORE__FERNET_KEY=your_fernet_key

Get string output for PGP Encrypt and Sign in one pass using Bouncy Castle

I have the code which can PGP encrypt and sign a file in one pass and save the encrypted data in another file.
The problem is that I have to pass this encrypted data to another API in JSON format. For that I need to convert the encrypted data to a string which can be identified by the API and then later be decrypted.
Is there any way to PGP encrypt and sign a particular string and then get the encrypted response as a string which can later be decrypted.
Apparently reading the file contents to a string and then trying to decrypt the string is not helping.
The solution would be to convert the file contents to a byte array and then base-64 encoding the byte array.

Convert p12 APNS certificate to base64 string

I want to send the .p12 file of APNS certificate to One Signal API, but I need first to convert the .p12 file to base64 string. How do I do that?
The API documentation is below:
https://documentation.onesignal.com/reference#create-an-app
If you're on a Mac you can use the base64 utility that comes with Mac.
base64 -i certificate.p12 -o outputfile
This depends on the programming language you are using.
For example, here's how to do it in Ruby:
require 'base64'
base64_encoded_p12 = Base64.encode64(File.binread('/path/to/your/file.p12'))  # binread: no newline translation of binary data
const fs = require("fs");
fs.readFileSync(__dirname + "/ios_push_certificate.p12").toString('base64') // readFileSync already returns a Buffer
That is the correct script after all.
You can use this on Linux
base64 file.p12
To write the base64 output to any file, you can use this
base64 file.p12 > output.base64
Note: This works for any files not only .p12
