Secrets View secrets from master: salt '*' pillar.items Create key called mysecretkey on master: echo -n "supersecret" | gpg --armor --batch --trust-model always --encrypt -r "mysecretkey" View secrets from minion: salt-call pillar.items Get a specific secret from a minion: salt-call pillar.get a-secret Resource:…

This is a great alternative to Travis CI or Circle CI. I've been using it quite a bit for a number of projects recently, and have been very happy with the results. Test a github project without committing If you want to debug a pipeline without committing code to your…

Login To get started, you have to login: lpass login <your email address> Get a password This will grab a password from LastPass via the cli. lpass show <name of password> |grep txtPassword | awk '{print $2}'…

List all containers kubectl get pods --all-namespaces -o=custom-columns=NameSpace:.metadata.namespace,NAME:.metadata.name,CONTAINERS:.spec.containers[*].name Resource: https://serverfault.com/questions/873490/how-to-list-all-containers-in-kubernetes By namespace kubectl get pods -n <namespace> Check for insecure kubelet API access From the host curl -k https://localhost:10250/pods…

Post Exploitation This is a good place to start if you've got credentials. Set credentials for AWS cli Add the credentials to ~/.aws/credentials. It should look something like this: [default] aws_access_key_id=AKIAIOSFODNN7EXAMPLE aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY aws_session_token=AQoDYXdzEJr...<remainder of…