Jérôme Baude jeromebaude

@jeromebaude
jeromebaude / AKS_WorkloadIdentity_AKV.md
Last active November 10, 2025 15:36
This gist guides you on how to use AKS Workload Identity to access Azure Key Vault

AKS Workload Identity for my pods to access Azure Key Vault

At the cluster level (tasks managed by the AKS SRE team):

Enable OIDC and Workload Identity on AKS

az aks update --resource-group <RESOURCE_GROUP> --name <CLUSTER_NAME> --enable-oidc-issuer --enable-workload-identity

Generate AWS dynamic credentials with Vault from Doormat credentials

Background

Vault can generate 3 types of AWS credentials:

  • iam_user
  • STS assumed_role
  • STS federation_token

Today we (Hashi People) get our AWS creds from Doormat. Doormat generates AWS STS credentials valid for 8 hours. An AWS STS credential is made of:

HashiCorp Vault as a KMS for Ceph

The following readme guides you through the steps to set up a minimal demo using a local Vault and a 1-node Rook/Ceph cluster hosted in Minikube.

Install and start minikube

$ minikube start (or minikube start --driver=virtualbox)

When installing rook for the first time, make sure we have a raw device on the minikube host (https://rook.io/docs/rook/v1.3/ceph-quickstart.html)

@jeromebaude
jeromebaude / keybase.md
Created July 5, 2019 17:28
My first public gist

Keybase proof

I hereby claim:

  • I am jeromebaude on github.
  • I am jeromebaude (https://keybase.io/jeromebaude) on keybase.
  • I have a public key ASAPYZ-qB89Aie86vBbHeTMBMJFsP4D1zFQimDUeozaYAgo

To claim this, I am signing this object: