Project: [Name] Started: [Date] Stack: [Key technologies]
```bash
#!/usr/bin/env bash
#
# authn-jwt-ado-helper.sh
#
# Helper for configuring CyberArk Secrets Manager SaaS authn-jwt when
# authenticating Azure DevOps pipelines via Workload Identity Federation.
#
# Given a JWT (either an Azure AD access token or an Azure DevOps OIDC token),
# this script:
# 1. Decodes the header and payload
```
This directory contains automated scripts for managing Multipass VMs and deploying the SWA (Secure Workload Access) solution.
- Multipass installed: Download from https://multipass.run/install
- Ansible installed: Required for deployment automation
- Terraform installed: Version 1.0 or higher
- CyberArk Certificate Manager SaaS Account: With Workload Identity Manager (Firefly) activated
You've got multiple teams, each with their own CyberArk safes (let's say 20+), and secrets in those safes are needed for agent installation across your Linux fleet. If you try to solve this the "obvious" way—creating AAP credential objects for each user × safe combination—you end up with credential sprawl from hell. 200 users × 20 safes = 4,000 credential objects. Nobody wants that.
The thing is, you can't just template variables in AAP credential queries like this:
```json
{
  "object_query": "Username={{ service }};Address=foobar.example.dev"
```
```bash
#!/bin/bash
kubectl create ns cyberark-poc
kubectl create sa -n cyberark-poc cyberark-poc-app-sa
```
```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "PolicyName": {
      "Type": "String",
      "Description": "Meaningful policy name"
    },
    "CyberArkSecretsHubRoleARN": {
      "Type": "String",
      "Description": "The Secrets Hub tenant role ARN which will be trusted by this role"
```
```python
import getpass

from ark_sdk_python import ArkClient
from ark_sdk_python.auth import ArkISPAuth


def interactive_platform_auth():
    """Interactive platform token authentication setup"""
    # Gather credentials interactively
    tenant_url = input("Enter your CyberArk tenant URL: ")
    client_id = input("Enter your Service User client ID: ")
```
```powershell
# Requires: Az PowerShell Module
# Install with: Install-Module -Name Az -Scope CurrentUser
# ------------------------
# VARIABLES - EDIT THESE
# ------------------------
$ManagementGroupId = "<YourManagementGroupID>" # e.g. "mg-root"
# ------------------------
# CONNECT TO AZURE
```
```powershell
# Version = 13.6.0.4-release/13.6
#-----------------------------------------
# This script installs the Vault-Conjur Synchronizer
#------------------------------------------
#Requires -Version 4.0
param([switch] $silent, [switch] $forceNoPVWAApiUse, [switch] $trustPVWAAndConjurCert, [switch] $automationTests)
#region [Variables]
```