Hi, I'm Quincy

Been a DevSecOps guy for a while, this is where I keep things to share

Follow me on GitHub

Conjur

Sample Pipeline

  • SecOps pipeline using CEM, Conjur, Jenkins, Slack & AWS Lambda (WIP) https://github.com/quincycheng/cem-jenkins-slack-conjur
  • CICD pipeline using GitLab, Jenkins, Sonarqube, Artifactory, Ansible & Conjur  https://github.com/quincycheng/cicd

Integration Plugin

  • Octopus Deploy (under reviewed) https://github.com/OctopusDeploy/Library/pull/1088
  • IBM UrbanCode Deploy cyberark/urbancode-conjur-aim

Conjur Client Tool

  • Web-based Conjur client  https://github.com/quincycheng/conjur-webcli

Dynamic Secrets

  • Conjur JIT for Azure Service Principal https://github.com/quincycheng/azure-jit

Conjur Demo/Sample

  • Conjur on ARM64 guideline:  https://github.com/quincycheng/conjur-arm64-blog
  • Securing secrets in cryptocurrency exchange & automated trading using DAP & Kraken   https://github.com/quincycheng/Secrets-in-Cryptocurrency
  • Managing secrets of SpringBoot app on K8S using secret provider as cronjob https://github.com/quincycheng/springboot-k8s-secret-reload-provider-as-a-cronjob
  • Java API Demo using Maven https://github.com/quincycheng/conjur-java-maven
  • Managing binary files https://github.com/quincycheng/conjur-storing-binary-files
  • Secretless Broker Demo on GKE https://github.com/quincycheng/secretless-broker-on-gke
  • CyberArk Summon Demo for Java app on Docker https://github.com/quincycheng/java-summon-docker-demo

Conjur Katacode Live Demo/Tutorial

  • Ansible-Conjur Lookup Plugin https://katacoda.com/quincycheng/scenarios/conjur-ansible-lookup-plugin
  • Using Conjur to secure SSH secrets for Ansible https://katacoda.com/quincycheng/scenarios/conjur-ansible-ssh
  • Enabling TLS for Conjur using Envoy Proxy https://katacoda.com/quincycheng/scenarios/conjur-envoy-proxy
  • Enabling TLS for Conjur using Nginx Proxy https://katacoda.com/quincycheng/scenarios/conjur-nginx-proxy
  • Conjur Open Source One-Liner Installation https://katacoda.com/quincycheng/scenarios/conjur-oss-1liner
  • Deploying Conjur using Helm (English): https://katacoda.com/quincycheng/scenarios/conjur-oss-on-kuberetes
  • Deploying Conjur using Helm (Simplified Chinese) https://katacoda.com/quincycheng/scenarios/conjur-oss-kubernetes-cn
  • Deploying Conjur using Helm (Traditional Chinese) https://katacoda.com/quincycheng/scenarios/conjur-oss-kubernetes-zh
  • Deploying Conjur on Docker: https://katacoda.com/quincycheng/scenarios/conjur-oss-on-docker
  • Deploying Conjur on podman: https://katacoda.com/quincycheng/scenarios/conjur-oss-on-podman
  • Deploying Conjur on OpenShift: https://katacoda.com/quincycheng/scenarios/conjur-oss-on-openshift
  • Conjur REST API: https://katacoda.com/quincycheng/scenarios/conjur-rest-api-v5
  • Securing Java app on docker using conjur & summon: https://katacoda.com/quincycheng/scenarios/java-conjur-summon
  • Securing Kerberos Keytab using Conjur & summon: https://katacoda.com/quincycheng/scenarios/krb5-conjur-summon
  • Securing Java app on Docker Swarm using Conjur & Summon: https://katacoda.com/quincycheng/scenarios/swarm-conjur-summon
  • Terraform Provider for Conjur & Summon: https://katacoda.com/quincycheng/scenarios/terraform-provider-conjur

Conjur-OpenShift Lab

  • Self-Paced training https://training.cyberark.com/content/advanced-aam-dap-openshift
    • Lab 1: OpenShift Apps with embedded Secrets
    • Lab 2: OpenShift Apps with Kubernetes Secrets
    • Lab 3: Deployment of DAP follower on OpenShift manually
    • Lab 4: Deployment of DAP follower on OpenShift using seed fetcher
    • Lab 5: Secret retrieval with init container
    • Lab 6: Secret retrieval with side car container
    • Lab 7: Secret retrieval with Secretless Broker
    • Lab 8: Application Identities
  • Offline version lab guide: https://github.com/quincycheng/DAP-OpenShift-Lab-2020

PAS

CEM

  • Setting up CEM Demo using Ansible https://github.com/quincycheng/cem-demo-ansible
  • Setting up CEM demo using AWS CDK https://github.com/quincycheng/cem-aws-demo-01

CPM

  • Push credentials by CPM as  non-unicode config files https://github.com/quincycheng/sjis-ini-file-demo

PSM

  • AWS STS on Chrome PSM plugin https://github.com/quincycheng/aws-sts-chrome-cyberark-psm-plugin