F5 dashboard using python flask

There are times where you only want to grant users to read-access only to multiple F5, and F5s are not binded to AD or LDAP. Also, we just want simple ways for users to go to one location and ability to view multiple F5s.

To remedy this, I have created flask based dashboard for users to login via AD/LDAP and ability to view multiple F5’s from single pane of page

https://github.com/mrthomaskim/f5dashboard

Powershell: Encrypting strings using [Protect|Unprotect]-CmsMessage

There are cases we want to encrypt strings, such as passwords or

PowerShell has come a long way, and it supports IETF standard RFD5652 cryptography method using certificate.
Note below methods support starting PowerShell version 5.0

Create inf file to generate certificate:


[Version]
Signature = "$Windows NT$"
[Strings]
szOID_ENHANCED_KEY_USAGE = "2.5.29.37"
szOID_DOCUMENT_ENCRYPTION = "1.3.6.1.4.1.311.80.1"

[NewRequest]
Subject = "[email protected]"
MachineKeySet = false
KeyLength = 2048
KeySpec = AT_KEYEXCHANGE
HashAlgorithm = Sha1
Exportable = true
RequestType = Cert
KeyUsage = "CERT_KEY_ENCIPHERMENT_KEY_USAGE | CERT_DATA_ENCIPHERMENT_KEY_USAGE"
ValidityPeriod = "Years"
ValidityPeriodUnits = "100"

[Extensions]
%szOID_ENHANCED_KEY_USAGE% = "{text}%szOID_DOCUMENT_ENCRYPTION%"

We’ll call it automation.inf and will use below command to generate and add new certificate to current user
certreq -new automation.inf automation.cer

It will look something like this:
PS C:\ > certreq -new .\automation.inf c:\scrap\automation.cer
Installed Certificate:
Serial Number: 50a625ea82fd1b6d44ccc85f441e0604
Subject: [email protected]
Thumbprint: 1813dc1407560652482f87bae69cf40bd5953d68
Microsoft Strong Cryptographic Provider
80904f21381e94580d8fe6d24544ec10_4275232e-8c3e-4183-bcd1-b524529f39a3

This will create certificate to desired location, it will also automatically add to current user person certificate store. You can use below command to list recently created/imported certificate:
Get-ChildItem Cert:\CurrentUser\My\ -DocumentEncryptionCert

In case if you like to use different server, and would like to import the public certificate to other server, use below command
Import-Certificate -FilePath .\auditautomation.cer -CertStoreLocation cert:\CurrentUser\My

* There are ways to export private keys to other server. Keep in mind when exporting private key, you need to aware you could potentially risking unprotecting the sensitive private key! It is important to understand you should uncheck “Mark this key as exportable” on other servers:
https://docs.microsoft.com/en-us/powershell/module/pkiclient/export-pfxcertificate?view=win10-ps

To encrypt the string, use below commands:
$a = 'ThisIsString123!'
$msg = Protect-CmsMessage -Content $a -to .\auditautomation*

To decrypt the string, use below commands
Unprotect-CmsMessage -Content $msg -To Cert:\CurrentUser\My\auditautomation*

If the certificate is imported to local machine:
Unprotect-CmsMessage -Content $msg -To Cert:\LocalMachine\My\auditautomation*

Reference Link:
PowerShell V5 New Feature: Protect/Unprotect-CmsMessage

Adding git lfs to pre-existing repo

Say that you already have .mp4 files committed to existing repository, but would like to change mind, and you woud like to add mp4 file in LFS, here’s how you do it.

git rm --cached *.mp4
git add *.mp4
git commit -m "convert all mp4 files to lfs"

To check if mp4 files are added, you can run below command to check.

git lfs ls-files

More information can be found here:

https://github.com/git-lfs/git-lfs/wiki/Tutorial