Sample that shows how to fetch a secret from Azure Key Vault at run-time from an App Service with a Managed Service Identity (MSI).

Sample that shows how to fetch a secret from Azure Key Vault at run-time from an Function App with a User Assigned Managed Service Identity (MSI).

A repo full of secrets. This is designed to test SAST secret scanning tools.

#!/usr/bin/env bash # This basically just takes all of the instructions from DigitalOcean's "How To Set Up an OpenVPN Server on Ubuntu 16.04" and puts them into a single script. # Define functions. function exportReplace { ek="export KEY_${1}=" sed -i "s/${ek}\".*\"/${ek}\"${2}\"/g" vars } function getPublicInterface { pubInterface="$(ip route | grep default)" pubInterface="$(echo $pubInterface | grep -oP -m 1 "dev .*?( |$)" | head -1)" pubInterfaceLen=${#pubInterface}; if [ "${pubInterface:$pubInterfaceLen:1}" = " " ]; then ((pubInterfaceLen--)) fi ((pubInterfaceLen-=4)) pubInterface=${pubInterface:4:$pubInterfaceLen} echo $pubInterface } function getIPAddress { ip route get 1.1.1.1 | awk '{print $NF; exit}' } function getAdditionToBeforeRules { pubInterface="$(getPublicInterface)" echoStr="" echoStr=$echoStr"\n# START OPENVPN RULES" echoStr=$echoStr"\n# NAT table rules" echoStr=$echoStr"\n*nat" echoStr=$echoStr"\n:POSTROUTING ACCEPT [0:0]" echoStr=$echoStr"\n# Allow traffic from OpenVPN client to ${pubInterface}" echoStr=$echoStr"\n-A POSTROUTING -s 10.8.0.0/8 -o ${pubInterface} -j MASQUERADE" echoStr=$echoStr"\nCOMMIT" echoStr=$echoStr"\n# END OPENVPN Rules" echoStr=$echoStr"\n" echoStr=$echoStr"\n" echo -e $echoStr } # Check root privileges. if [[ $(id -u) -ne 0 ]] ; then echo "This script must be run as root." exit 1 fi # Step 1: Install OpenVPN apt-get update apt-get install -y openvpn easy-rsa # Step 2: Set up the CA directory and switch to it. make-cadir ~/openvpn-ca cd ~/openvpn-ca # Step 3: Configure the CA Variables # Get information from user to customize vars. printf "\n\nSetup will need to customize the VPN server. Some information will need" printf "\nto be collected." printf "\nDon't use quotation marks in any of these. It'll mess stuff up." printf "\nDon't leave anything blank." printf "\n\nPlease enter email address:" read emailAddress printf "\n\nPlease enter country code (i.e., \"US\",\"CA\", etc):" read countryCode printf "\n\nPlease enter state or province code (i.e., \"NY\",\"MI\"):" read provinceCode printf "\n\nPlease enter city name (but remove spaces, i.e., SanFrancisco):" read cityName printf "\n\nPlease enter organization name (could be The Illuminati for all I care):" read orgName printf "\n\nPlease enter organizational unit (Seriously, what does that even mean?):" read OUName printf "\n\nIn a short while, another program is going to ask you to confirm these." printf "\nIt will do this multiple times. You can just press Enter on all of them." printf "\nto confirm." printf "\nIMPORTANT! One of the setup programs will ask you to enter a" printf "\n\"challenge\" password. Leave it blank and just hit [Enter]." #printf "\nHowever, when asked to create a PEM password, be sure to use a strong one." printf "\nWhen a setup program asks you a y/n question, respond with \"y\"." printf "\nPress [Enter] now to continue with install." read -p "" # Customize vars file and run it. exportReplace "COUNTRY" $countryCode exportReplace "PROVINCE" $provinceCode exportReplace "CITY" $cityName exportReplace "ORG" $orgName exportReplace "EMAIL" $emailAddress exportReplace "OU" $OUName exportReplace "NAME" "server" # Step 4: Build the Certificate Authority source vars ./clean-all ./build-ca # Step 5: Create the Server Certificate, Key, and Encryption Files ./build-key-server server ./build-dh openvpn --genkey --secret keys/ta.key # Step 6: Generate a Client Certificate and Key Pair source vars ./build-key client1 # Step 7: Configure the OpenVPN Service # Copy the Files to the OpenVPN Directory cd ~/openvpn-ca/keys sudo cp ca.crt ca.key server.crt server.key ta.key dh2048.pem /etc/openvpn gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf # Adjust the OpenVPN Configuration confFile='/etc/openvpn/server.conf' #Note! This var is used later in the script, not just in this section. subString="tls-auth ta.key 0 # This file is secret" oldString=";${subString}" newString="${subString}\nkey-direction 0" sed -i "s/${oldString}/${newString}/g" $confFile subString="cipher AES-128-CBC" oldString=";${subString}" newString="${subString}\nauth SHA256" sed -i "s/${oldString}/${newString}/g" $confFile subString="user nobody" oldString=";${subString}" newString="${subString}" sed -i "s/${oldString}/${newString}/g" $confFile subString="group nogroup" oldString=";${subString}" newString="${subString}" sed -i "s/${oldString}/${newString}/g" $confFile subString="push \"redirect-gateway def1 bypass-dhcp\"" oldString=";${subString}" newString="${subString}" sed -i "s/${oldString}/${newString}/g" $confFile subString='push "dhcp-option DNS 208.67.222.222"' oldString=";${subString//./\\.}" newString="${subString}" sed -i "s/${oldString}/${newString}/g" $confFile subString="push \"dhcp-option DNS 208.67.220.220\"" oldString=";${subString//./\\.}" newString="${subString}" sed -i "s/${oldString}/${newString}/g" $confFile # Step 8: Adjust the Server Networking Configuration. # Allow IP Forwarding subString="net.ipv4.ip_forward=1" oldString="#${subString//./\\.}" newString="${subString}" sed -i "s/${oldString}/${newString}/g" /etc/sysctl.conf sudo sysctl -p # Adjust the UFW Rules to Masquerade Client Connections fileName="/etc/ufw/before.rules" newRules="$(getAdditionToBeforeRules)" fileContents="$(awk -v "n=10" -v "s=${newRules}" '(NR==n) { print s } 1' ${fileName})" echo "${fileContents}" > $fileName oldString="DEFAULT_FORWARD_POLICY=\"DROP\"" newString="DEFAULT_FORWARD_POLICY=\"ACCEPT\"" sed -i "s/${oldString}/${newString}/g" /etc/default/ufw # Open the OpenVPN Port and Enable the Changes ufw allow 1194/udp ufw allow OpenSSH ufw disable ufw enable # Step 9: Start and Enable the OpenVPN Service systemctl start openvpn@server systemctl enable openvpn@server # Step 10: Create Client Configuration Infrastructure # Creating the Client Config Directory Structure mkdir -p ~/client-configs/files chmod 700 ~/client-configs/files # Creating a Base Configuration fileName="${HOME}/client-configs/base.conf" cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf $fileName ipAddress="$(getIPAddress)" sed -i "s/my-server-1/${ipAddress}/g" $fileName subString="user" oldString=";${subString}" newString="${subString}" sed -i "s/${oldString}/${newString}/g" $fileName subString="group" oldString=";${subString}" newString="${subString}" sed -i "s/${oldString}/${newString}/g" $fileName subString="ca ca.crt" oldString="${subString/\./\\.}" newString="#${subString}" sed -i "s/${oldString}/${newString}/g" $fileName subString="cert client.crt" oldString="${subString/\./\\.}" newString="#${subString}" sed -i "s/${oldString}/${newString}/g" $fileName subString="key client.key" oldString="${subString/\./\\.}" newString="#${subString}" sed -i "s/${oldString}/${newString}/g" $fileName echo "">> "${fileName}" echo "cipher AES-128-CBC">> "${fileName}" echo "auth SHA256" >> "${fileName}" echo "key-direction 1" >> "${fileName}" echo "#script-security 2" >> "${fileName}" echo "#up /etc/openvpn/update-resolv-conf" >> "${fileName}" echo "#down /etc/openvpn/update-resolv-conf" >> "${fileName}" # Creating a Configuration Generation Script makeConfigStr=" # First argument: Client identifier KEY_DIR=~/openvpn-ca/keys OUTPUT_DIR=~/client-configs/files BASE_CONFIG=~/client-configs/base.conf cat \${BASE_CONFIG} \\ <(echo -e '<ca>') \\ \${KEY_DIR}/ca.crt \\ <(echo -e '</ca>\n<cert>') \\ \${KEY_DIR}/\${1}.crt \\ <(echo -e '</cert>\n<key>') \\ \${KEY_DIR}/\${1}.key \\ <(echo -e '</key>\n<tls-auth>') \\ \${KEY_DIR}/ta.key \\ <(echo -e '</tls-auth>') \\ > \${OUTPUT_DIR}/\${1}.ovpn " echo "#!/bin/bash" > "${HOME}/client-configs/make_config.sh" echo "${makeConfigStr}" >> "${HOME}/client-configs/make_config.sh" chmod 700 ~/client-configs/make_config.sh # Step 11: Generate Client Configurations cd ~/client-configs ./make_config.sh client1 # Copy VPN configuration to /root, so it's the same path for everyone. cp ~/client-configs/files/client1.ovpn /root

Software written to interact with ID Quantique Clavis 2 quantum key distribution system. MockDNP3 uses secret key files from the Clavis 2 to secure a sample DNP3 interchange.

Sample for ios app for crypto service. Uses ECDHE for creating secret key, ECDSA for signing, and AEC/CCM for encrypting/decrypting

Samples of using the Key Vault python SDK for recovering deleted Secrets, Keys, Certificates and Vaults

Samples of using the Key Vault node SDK for recovering deleted Secrets, Keys, Certificates and Vaults

Samples of using the Key Vault Java SDK for recovering deleted Secrets, Keys, Certificates, and Vaults

This is a sample reporo API connection app, leveraging principles such as Asynchronous server polling, Factory Method design pattern and Dependency Injection design paterns. You need your own key and shared secret for it to work and replace the constants in StatisticsFactory.php file under StatisticsFactory class.

This provides sample codes to get secrets from Azure Key Vault by reference, even in the local dev machine

Code samples to manage keys in Secret Manager using Terraform

Samples of using the Key Vault python SDK for recovering deleted Secrets, Keys, Certificates and Vaults

Sample showing how to use an HttpPipelinePolicy to proxy secrets, keys, and certificates from Azure Key Vault.

Sample code demonstrates how to keep secret values inside of NDK library key-holder securely.

A sample application to demonstrate Azure Key Vault integration using Secrets Store CSI driver on Kubernetes.

This repo contains sample code to get the Azure key vault secrets in your .NET 9 application.

A sample application to demonstate secrets, settings and Key Vault access in ASP .NET Core with the SAFE stack

ASp.NET Core 8 JWT Web API sample code just put your secret key in the appsetting and generate token

A .NET sample showing how to use MSI on a VM for storing Service Bus connection string as a secret in a key vault.

Here's a simple sample app showing how to up/download files from Amazon S3 from your iOS App using Access & Secret Key credentials, i.e. NOT using Cognito which is only available in two regions at the moment.

This is a sample test harness in ASP.NET Core 6.0 providing a Web App to run in App Service fetching secrets from various Azure Key Vaults. This harness is designed to generate signal for testing and validating changes to the vault resource firewall, service endpoint and private endpoint configurations.

Sample repo for using Azure Key Vault Provider for Secrets Store CSI Driver

This provides sample codes to backup and restore an Azure Key Vault secrets

This provides sample ARM templates to handle secrets with Azure Key Vault and by itself

backend to store secrets

No description available

Sample project for managing secret keys outside of source control

Sample password (secret key) generator app using Flutter

sample app to get key vault secret for applciations