Values for Principal and SecretAlias ID in PGP encryption - pgp

While configuring PGP encryption, what values do we have to pass for principal and Secret Alias ID?

In PGP encryption, the principal is nothing but the username in the key, that is, a combination of the name and email ID you specified while generating the keys,
ex: smith .
Coming to the Secret Alias ID, the GPA tool does not provide this value. We have to provide some random value, deploy the application and run the flow. Mule will throw an exception in the console, where you can also see the list of keys, that is, the Secret Alias ID that we want. In the console we can find the suggested Secret Alias ID like this

Related

How can I associate keys against a secret in Azure Key Vault?

I am new to Azure and trying to understand if there is any correlation between a key and a secret in Azure Key Vault.
I have the below question on using a key against a secret.
Eg:
Secret with db credentials
Represent key for accessing secret
Is this possible in azure key-vault?
Yes, it is possible.
You can store your DB password in a secret and your DB user in another secret, or even store both in the same secret. In the end, Key Vault saves strings.
In Key Vault you must follow the next steps to create a secret:
Open the secret section and go to Generate/Import.
Insert the Name (key) and the secret value (value), and then create your secret.
After that, you can refer to the name to get the value of the secret.
Hope this helps!

How to generate role_id and secret_id for HashiCorp Vault

I am working on an application which uses Vault.
Now, the vault needs Role_Id and Secret_Id to be delivered in order to fetch value for a key.
Both these role_id and secret_id are kept in environment variable.
I can't figure out how to get/retrieve the role and secret ID from HashiCorp Vault.
I have the UI for Vault opened up but I can't figure out how to generate these 2 values.
If anyone can provide the steps, that would be great!
role_id and secret_id are the credentials leased via Vault AppRole authentication method.
You can follow the examples here adapting to your use case

How to control access authority to the metadata of a token?

I am trying to make the following function with customized tokens. The goal is to mint tokens including metadata which is only exposed to the owner of the token. This means that no one is permitted to read the metadata other than the owner. Is it possible to create such tokens?
Thank you.
You can implement that with Attribute Based Access Control with the help of Hyperledger Fabric CA, Chaincode's client identity library and some programming related key management techniques.
In Chaincode Side:
To store metadata, the chaincode will get the owner/user certificate with the help of the client identity library and, by parsing that certificate, will get the certificate owner's/user's public key and hold it in a variable named "variablePublicKey"; after that it will store its metadata with the key "variablePublicKey.metadata".
To read the metadata, the chaincode will get the owner/user certificate with the help of the client identity library and, by parsing that certificate, will get the certificate owner's/user's public key and hold it in a variable named "variablePublicKey"; after that it will get its metadata with the key "variablePublicKey.metadata".
To ensure security with this system, your chaincode needs to add some substring to each user input key. For example, if a user wants to invoke or query a car type asset, the chaincode will always add a substring to that user input: if the user input key is "xyz", the chaincode will add a substring to it, like "xyz.car", and store/update the value against the "xyz.car" key. To query a car, if the user gives the input "xyz", the chaincode will add a substring to it, like "xyz.car", and query the value against the "xyz.car" key.

Create RSA key pair and retrieve public key in Azure key vault

We have a requirement to create RSA key pair using Azure key vault and copy the RSA public key to external system. The requirement is the external system will encrypt the data using public key and internal system will talk to azure key vault and de-crypt the data. I don't have access to Azure key vault yet, so going through the documentation. I have two basic questions:
Is there a way to export the RSA public key in a text format using Azure portal without using API (https://learn.microsoft.com/en-us/rest/api/keyvault/getkey/getkey).
If I don't select 'set activation' or 'set expiration' date while creating the keys, will the key expire? Do they have a default expiration value?
Thanks in advance.
Is there a way to export the RSA public key in a text format using Azure portal without using API
The only way to export the key in the portal is Download Backup, you will get a file like xxxxvault1-testkey-20181227.keybackup, but the key will be encrypted, it could not be used outside the Azure Key Vault system.
If you want to export the key that will not be encrypted, you could use Azure CLI:
az keyvault key show --vault-name 'keyvaultname' --name 'testkey' --version 'e8dfb0f7b7a045b5a1e80442af833270' > C:\Users\joyw\Desktop\output.txt
It will export the key as a file output.txt.
If I don't select 'set activation' or 'set expiration' date while creating the keys, will the key expire? Do they have a default expiration value?
AFAIK, if you don't set expiration date, it will never expire.
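The external system in this question usually wants a PEM public key, while the output.txt produced above is JSON. The following is an added example, not part of the original answer: it converts that JSON to a PEM `PUBLIC KEY` using only the standard library. It assumes the JWK sits under a "key" field with base64 or base64url encoded "n" and "e"; the sample input is constructed (a placeholder modulus and a hypothetical key id), not a real key.

```python
import base64
import json
import textwrap

# DER AlgorithmIdentifier: rsaEncryption (1.2.840.113549.1.1.1) with NULL parameters
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def b64_to_int(value: str) -> int:
    """Decode a big-endian integer from base64 or base64url, padded or not."""
    value = value.replace("-", "+").replace("_", "/")
    value += "=" * (-len(value) % 4)
    return int.from_bytes(base64.b64decode(value), "big")

def der(tag: int, body: bytes) -> bytes:
    """Encode one DER tag-length-value element."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def der_int(x: int) -> bytes:
    """DER INTEGER: the extra byte keeps the sign bit clear for positive values."""
    return der(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big"))

def jwk_to_spki_der(key_show_json: str) -> bytes:
    """Build a SubjectPublicKeyInfo from the JSON written to output.txt."""
    doc = json.loads(key_show_json)
    jwk = doc.get("key", doc)  # assumption: the JWK is nested under "key"
    if jwk.get("kty") not in ("RSA", "RSA-HSM"):
        raise ValueError(f"not an RSA key: kty={jwk.get('kty')!r}")
    rsa_pub = der(0x30, der_int(b64_to_int(jwk["n"])) + der_int(b64_to_int(jwk["e"])))
    return der(0x30, RSA_ALG_ID + der(0x03, b"\x00" + rsa_pub))

def jwk_to_pem(key_show_json: str) -> str:
    b64 = base64.b64encode(jwk_to_spki_der(key_show_json)).decode()
    body = "\n".join(textwrap.wrap(b64, 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"

# Constructed sample: placeholder 2048-bit number (not a real modulus), hypothetical kid.
SAMPLE_N = base64.b64encode(((1 << 2047) | 1).to_bytes(256, "big")).decode()
SAMPLE = json.dumps({"key": {"kty": "RSA", "e": "AQAB", "n": SAMPLE_N,
                             "kid": "https://example.vault.azure.net/keys/testkey/VERSION"}})

if __name__ == "__main__":
    print(jwk_to_pem(SAMPLE))
```

Only the public components n and e are read, so the resulting PEM can be handed to the external system for encryption while decryption stays inside Key Vault.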

Set the AWS console password for IAM user with Terraform

I am a newbie to Terraform and just want to ask: is there any way to set the AWS console password for an IAM user with Terraform? I am able to configure the IAM users, groups, their access and secret keys but couldn't find the way to set the console password. Please point me to where I can get it to work. Thanks
It's possible to get the console password for an IAM user using Terraform:
Using below command :
terraform output password | base64 --decode | keybase pgp decrypt
Follow below instructions :
Store password in outputs.tf file
terraform output password > would give your encrypted password
Now before install nodejs and node on your server and set PATH
Now to decrypt password we need one more concept that is KEYBASE : https://keybase.io/
Go to this site, create an account in KEYBASE from the console, then under Docs go to Linux/Ubuntu and follow the instructions:
Now in shell
keybase login
enter all details.
Point to be noted :
resource "aws_iam_user_login_profile" "user_login" {
  user            = "${aws_iam_user.user.name}"
  # "username" is the user you created in your Keybase account
  pgp_key         = "keybase:username"
  password_length = 10
}
Now terraform plan
terraform apply
keybase pgp list
terraform output password | base64 --decode | keybase pgp decrypt
You would get your password :) :)
You can now do so by using the iam_user_login_profile resource
resource "aws_iam_user_login_profile" "foo" {
user = "${aws_iam_user.bar.name}"
pgp_key = "${var.key}"
}
Note that the pgp_key is required and can be either a PGP public key or a reference to a keybase.io profile (say foobar) by passing keybase:foobar in the pgp_key variable.
The iam_user_login_profile resource exports a password attribute which is the encrypted password for an aws_iam_user.
Check the official documentation for more.
Setting the password via Terraform isn't really possible. Even if it were, it wouldn't be ideal practice because you'd have a password in the configuration. The better option is to let AWS set/use/create a default password that is given to the specific user in a secure way and ensure that they change it.
