I'm trying to figure out how to get my pubkey that is the default account for my file system wallet. I know where the json file is located (i.e. ~/.config/solana/id.json) and of course I looked into it. It's just an array of numbers, I can probably figure out what base the file is in and convert it to get my pub and private keys, but there has to be some kind of built in solana cli command to do this. Can anyone help?
The solana cli usage reference said that both
solana address
and
solana-keygen pubkey
can be used to get the pubkey.
By default, it get the pubkey from the private key stored in ~/.config/solana/id.json
Ok, I was using the wrong cli tool. I thought it was in "solana-keygen" but the command was:
solana address
if you want to get the pubkey of a keypair in a file you can also use the following command:
solana-keygen pubkey file.json
Related
When you receive a PGP message encrypted with your key, your PGP software can decrypt it because the message itself is encrypted with a one-time use random key and that random key is encrypted with your own key. Therefore, if you can get the random key ("session key" or "secret key"), then you can share it (and the original message) to prove to someone else what the original message said. This is what I need to do. I have been unable to find commands I can use in Windows or Linux to recover this random key. Does anyone know how to get it from the PGP message?
I'd also like to learn how to improve my search strategy because I believe the answer is already on the Internet and I just didn't search for the right keywords to find it.
echo '-----BEGIN PGP MESSAGE [...]' | gpg --show-session-key
It's okay if your PGP message spans multiple lines. You can paste it in and the presence of the first single quote causes the CLI to continue your input at the line breaks.
In Windows subsystem for Linux (aka WSL), you can use gpg to do this. One common problem with gpg is that it assumes it has a terminal connection (which is probably true) and that GPG_TTY is an environment variable that points to that connection (which might be false). The result of trying something in this case will produce Inappropriate ioctl for device and you can fix that with the following command: export GPG_TTY=$(tty)
You have to make sure the key you use to decrypt the message is in the keyring of the system you're using. I've been using Kleopatra in Windows and forgot that the keyring it uses is NOT shared with WSL, so I had to gpg --import [filename of my key] and enter my passphrase.
Once all that works, you'll get output that contains something like:
gpg: session key: '3:541FE563...
which you can use as described at https://security.stackexchange.com/questions/115231/how-to-decrypt-a-message-using-only-session-key to share the contents of the encrypted message without divulging your own private key. Thanks to Alex of Localmonero.com (aka Agoradesk.com) for helping me figure this out.
I'd like to generate a public/private keypair from the command line which I can use for local testing with a NEAR Protocol account. How is this done?
There are multiple ways to generate keys for custody purposes. See custody docs for examples. From the docs:
Generally, any software that can produce valid ed25519 key pair can be used to generate the keys.
To generate a straightforward keypair (see format requirements), where both public and private key will be available in plaintext to you, you can use the near command line tools to output a keypair for an account (once you've installed them):
NEAR_ENV=mainnet near generate-key your-account-name
This creates a json keypair at ~/.near-credentials/mainnet/your-account-name.json
mainnet is the network this will be used with by default and also the folder within which the JSON file will live.
If you don't specify an account, one will be automatically generated, for example:
NEAR_ENV=mainnet near generate-key
Key pair with ed25519:6okNNRWxvWAyWMYxmgBQ2EWPyRm1FfppgXXWJELrFLXh public key for an account "5644304e7a48c7d425ffdaef027f1dfbd32eab129954b798eae501b610f3b680"
If you peek into the generated JSON file, which lives at ``~/.near-credentials/mainnet/5644304e7a48c7d425ffdaef027f1dfbd32eab129954b798eae501b610f3b680.json`, it looks like this:
{"account_id":"5644304e7a48c7d425ffdaef027f1dfbd32eab129954b798eae501b610f3b680","public_key":"ed25519:6okNNRWxvWAyWMYxmgBQ2EWPyRm1FfppgXXWJELrFLXh","private_key":"ed25519:5NDP1t4JijZHZzGnEkz3dancSWsLG3Gjss4WPXNPiHWNtdtvVJttW9uPqvxKMCwwPgtYvTxzQqDE7mSN72wXsMcK"}
The keypair generated each time is different, but the JSON files persist. And, yes, the keypair displayed above is purely for demonstration purposes and isn't linked to anything interesting :) (don't go sharing real keypairs on the internet, folks).
Troubeshooting -- you may need to double check your permissions to create or write to the ~/.near-credentials directory to make this work properly.
Greeting everyone,
I've recently started messing with Ansible (in particular Ansible Tower).
I ran into an issue using secure values in my playbook, more accurate, I didn't understand how to use it correctly.
Compared to Chef-Infra, you could use data_bags in order to store your secure credentials.
You create a data bag:
knife data bag create testDataBag
You would create a json file for a data bag item:
{
"id": "preproduction",
"user": "user1",
"password": "this-is-a-password"
}
Upload it to the Chef server while encrypting it with a secret file (which exists the target server):
knife data bag from file testDataBag .\testDataBag\preproduction.json --secret-file .\secret-file
and then you can use it in your cookbook:
userinfo = data_bag_item('testDataBag', preproduction)
userinfo['user'] # "user1"
userinfo['password'] # "this-is-a-password"
An example use case - configuring the password for a Linux user.
userinfo = data_bag_item('testDataBag', preproduction)
user "#{userinfo['user']}" do
comment 'A random user'
home "/home/#{userinfo['user']}"
shell '/bin/bash'
password "userinfo['password']"
end
I know this is a lot of information but I just wanted to show how I'm used to use secure credentials.
Back to Ansible, I understood there is an ansible-vault tool which I can used to encrypt a variable file that later can be used in a playbook.
Sadly the only examples I've seen (or maybe I just didn't notice) include only running playbooks from the command line which is not something I do.
I have a playbook in my GIT repository which is connected to a project in my Ansible Tower.
What do I need to do in order to get to the point I can use a variable which contains the password?
Encryption is the same? by using ansible-vault?
Where do I store the encrypted files? (Specifically in Ansible Tower)
How to store the vault passwords (the one you use to decrypt a vault-id)?
How to access them in my playbook?
I've looked into those links but I couldn't find anything interesting:
https://docs.ansible.com/ansible/latest/user_guide/vault.html
https://docs.ansible.com/ansible/latest/user_guide/playbooks_vault.html
https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html#variables-and-vaults
And in the Ansible Tower documentation there is no explanation on how and where to store your vault-ids.
If anymore information is needed please tell me, I'll update my post.
Thanks everyone!
As far as I know you have two options to achieve this in AWX/Tower, depending on where you want those secrets stored.
Creating a vault within your project/GIT repo
Use "ansible-vault create" command and select a password
Save the credentials within the vault in yaml format and commit/push the changes to git
On your playbook add an include_vars to your vault file and commit/push to git
In Tower create a credential, select type=Vault and add the password for your vault
On your Tower template add the credential you created earlier
Use a custom credential type (this will not save the creds in git at all, they will just live on Tower/AWX)
Create a new custom credential type with an injector configuration type of "extra_vars" and the credentials you want to include as variables in your playbook.
Then create a credential based on the new credential type you created in the previous step.
Now assign that credential to your template, and those variables will just be available in your playbook run.
Here are the details on how to create a custom credential type
https://docs.ansible.com/ansible-tower/latest/html/userguide/credential_types.html
I know I should have done this before. But I didn't get a chance to host parse and now when I am trying to do it, it is asking to enter me master key, but I do not have it. I have parse channel name, client key, application id, javascript key. Is it possible to host a parse server using these keys only or is there any way to get master key now? Please help. Thank you in advance.
You define your own master key when you host a parse server. It can be anything you want.
If you mean you want to keep the existing master key from a parse.com app, there is no way to do this unless you have a record of it. For instance if you used it somewhere.
I'm attempting to set up a docker-machine on AWS from my computer and I want to use the ~/.aws/credentials file to connect and get going. I'm struggling to sort this out though. Can I check the structure of the credentials file.
I'm expecting to include the following text:
[default]
aws_access_key_id = key-pair-name-from-ec2-key-pair-list
aws_secret_access_key = <this is the bit I'm struggling with>
For the aws_secret_access_key do I need to include the contents of the .pem file which was downloaded when I created the key-pair, and if so then do I include the start and end comments and do I need to strip out the new lines?
I have tried to strip out the lines and strip out the comments but that didn't work, I have also tried to include just as is and again that didn't work. I've also tried the other option of preserving the new lines but removing the comments and again that didn't work.
Am I using the right secret here or is there something else that I should be doing. Is the [default] the correct thing to use or do I need to use [username]?
Key pairs are used only to connect to EC2 instances. To use AWS API's with CLI or any SDK, you have to obtain access key and secret. You can follow this steps to obtain them for your IAM user: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey
The best practice is to create a new user with only needed access rights and create a key for that user. And never expose AWS credentials to public domain.