we are using Curity 6.5.3 version and creating a custom plugin to deploy. AFter the deployment, the services do not start.
we want to set the standard environment to preprod or prod for curity.
I am assuming you're talking about the Signicat Plugin.
I've installed that in Curity, and here's how I configured the environment setting in the idsh CLI:
▶ dist/bin/idsh
User renatoathaydes last logged in 2022-07-13T14:21:29.376931+00:00, to Renatos-MBP-2, from 127.0.0.1 using cli-console
renatoathaydes connected from 127.0.0.1 using console on Renatos-MBP-2
renatoathaydes#Renatos-MBP-2> configure
Entering configuration mode private
[ok][2022-07-13 16:27:08]
[edit]
renatoathaydes#Renatos-MBP-2% edit profiles profile authentication
Possible completions:
user-management-service oauth-service authentication-service
renatoathaydes#Renatos-MBP-2% edit profiles profile authentication authentication-service settings authentication-service authenticators
[ok][2022-07-13 16:27:29]
[edit profiles profile authentication authentication-service settings authentication-service authenticators]
renatoathaydes#Renatos-MBP-2% set authenticator my-signicat signicat env
^
% Invalid input detected at '^' marker.
renatoathaydes#Renatos-MBP-2% set authenticator my-signicat signicat standard-environment pr
Possible completions:
pre-production - Non-production environment for testing and verification
production - The production environment should be use
renatoathaydes#Renatos-MBP-2% set authenticator my-signicat signicat standard-environment production
[ok][2022-07-13 16:27:54]
[edit profiles profile authentication authentication-service settings authentication-service authenticators]
Notice that the CLI supports auto-completion when you hit TAB. Should be easy to figure out how to set the other settings that are required.
Related
I am trying to store my stripe live key via Credentials as shown in the Securing Rails Application Guide: https://guides.rubyonrails.org/security.html#custom-credentials
I'm not sure what I'm doing wrong, the keys are written to the credentials file and in the test and development environments they work but when pushing to production I get errors that say my API Keys are not set. Here are what my credentials file and production config look like:
Credentials file ->
stripe_live: xxx.xxx.xxx
config/environments/production:
Stripe.api_key = Rails.application.credentials.stripe_live
I've also tried setting the keys with this command
rails credentials:edit --environment production and still no luck in the production environment.
How do I set rails credentials for the production environment? Do I need to set the RAILS_MASTER_KEY as an env variable in my production environemtn?
Set RAILS_MASTER_KEY to the string located within config/master.key . Rails automatically will use this value to decrypt your credentials file. A separate credentials file is optional, but if you do chose to use the separate credentials file you need to be sure that you use that key for the RAILS_MASTER_KEY env variable.
I just integrated an encrypted shopping cart to my Rails(4.2) app for use with Paypal. Currently, my app reads the SSL cert & key files into constants which are then used during encryption. This works fine, but I'd prefer not to publish those files to github. The app uses the figaro gem to manage the environment variables in the application.yml file. Is there a way to incorporate the SSL certs into application.yml as environment variables instead of reading the files?
Thanks in advance,
Brendan
I am trying to deploy a "Hello, world" Rails app (Rails v 5.0.1, Ruby v 2.3.1) to AWS for the purposes of learning about AWS.
I have created an IAM user in the AWS Elastic Beanstalk dashboard, and I've verified that the user has one access ID and secret access key. I've ensured these two credentials are stored in environment variables in my local machine, and for completeness I've also ensured these same values are correct in the ~/.aws/credentials file. I have gone through the steps of creating a new application in the UI, however whenever I click "Create Application", I see the following error at the top of the screen:
Validation Error
Configuration validation exception: AWS Elastic Beanstalk could not communicate with Amazon EC2 to determine whether to create a custom security group for Elastic Load Balancing.
My IAM user is a member of the "AdministratorAccess" and "AWSElasticBeanstalkFullAccess" permissions groups.
When creating the application, I went through the following steps:
1) Selected "Web server environment" in the "Choose environment tier" menu.
2) In the "Create a new environment" menu, I choose "Ruby" as the platform and "Sample Application" under the "Application code" selection.
Similarly, when I nagivate to my project directory in the command line, and I run "eb create dev-env", I see the following:
MacBook-Pro-5:beanstalk richiethomas$ eb create dev-env
WARNING: You have uncommitted changes.
Creating application version archive "app-e4da-170116_145453".
Uploading beanstalk/app-e4da-170116_145453.zip to S3. This may take a while.
Upload Complete.
ERROR: API Call unsuccessful. Status code returned 401
EDIT: The same 401 response is returned even when I have no uncommitted changes.
Can anyone illuminate what I'm doing wrong?
I know this question was awhile ago but for those looking for the solution to this issue you need to add the following permissions to your IAM account.
AWSCodeCommitPowerUser
AWSCodeCommitFullAccess
I have two Heroku app tiers (a production and a staging app)
My DNS is configured to point to either, depending on the subdomain.
*.example.co -> app-production
*.staging.example.co - > app-staging
SSL
SSL add on is enabled for both. The same exact SSL wildcard certificate is uploaded to both.
> heroku certs --remote production
Endpoint Common Name(s) Expires Trusted
---------------------------- ------------------------ -------------------- -------
tokushima-XXXX.herokussl.com *.example.co, example.co 2018-10-10 00:00 UTC True
> heroku certs --remote staging
Endpoint Common Name(s) Expires Trusted
---------------------------- ------------------------ -------------------- -------
hiroshima-XXXX.herokussl.com *.example.co, example.co 2018-10-10 00:00 UTC True
Domains
Each has the corresponding domains also configured in Heroku
> heroku domains --remote production
=== app-production Custom Domains
Domain Name DNS Target
----------------------------- -------------------------------------
*.example.co tokushima-XXXX.herokussl.com
example.co tokushima-XXXX.herokussl.com
> heroku domains --remote staging
=== app-staging Custom Domains
Domain Name DNS Target
-------------------- ------------------------
*.staging.example.co app-staging.herokuapp.com <-- should this be the SSL endpoint?
Question
All the above works fine in terms of routing.
foo.example.co visits my production app
foo.staging.example.co visits my staging app
However on staging, SSL does not work. I get a "certificate untrusted" error, even though it's the same certificate.
I strongly suspect it's because when configuring the Staging Domains, the DNS target should be an SSL endpoint, not the direct heroku app URL.
But I have no way to edit that. If I do
> heroku domains:add *.staging.example.co --remote staging
It automatically adds the DNS target for me. On Prod it automatically added the SSL endpoint.
Is there a way around this?
This is how ssl wildcard certificates behave: a certificate for *.example.com is valid for foo.example.com but not bar.foo.example.com.
This is specified in rfc 2818, which says
Names may contain the wildcard
character * which is considered to match any single domain name
component or component fragment. E.g., *.a.com matches foo.a.com but
not bar.foo.a.com. f*.com matches foo.com but not bar.com
I am trying to use Capistrano to connect over ssh with svn in order to deploy an app to prod from a windows dev box (Aptana Studio Community Edition). When I run 'cap deploy' it starts executing tasks in deploy.rb, then it asks for a password for user account 'a' but I need to connect using account 'b' not 'a'. User account 'a' has no root privileges on the linux box that I am trying to connect. It seems that svn picks up a default username.
Does any know what's going on? is svn picking up Windows username? in deploy.rb i tell it to connect with user account 'b' with password 'bb'.
Capistrano on Windows is a huge pain in the neck. I only moved back to it when I shifted my development environment to Linux.
Anyway, here's some things to try...
If you enter a blank password, does it prompt for a username?
I'm unclear whether it is the svn or shell username that's wrong but either way you can use these in your deploy.rb file:
set :scm_username, "your svn username"
set :scm_password, "your svn password"
set :user, "your linux user"