Note that these challenges are still very basic, and so are their explanations. Feel free to file a PR to make them look
109
110
better ;-).
skipped 10 lines
120
121
121
122
## Basic K8s exercise
122
123
123
-
_Can be used for challenges 1-6, 8, 12-28_
124
+
_Can be used for challenges 1-6, 8, 12-29_
124
125
125
126
### Minikube based
126
127
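Review bot: the supported-challenge range on the `+` line under "Basic K8s exercise" is a hand-maintained literal ("challenges 1-6, 8, 12-29"), and the same 28 to 29 bump is repeated under "Vault exercises with minikube" and "Cloud Challenges" in this patch. Every new challenge needs all of these edited in step, so check that no other "-28" range is left elsewhere in the file, and consider keeping the challenge-to-environment mapping in one place that the sections refer to.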
skipped 46 lines
173
174
174
175
## Vault exercises with minikube
175
176
176
-
_Can be used for challenges 1-8, 12-28_
177
+
_Can be used for challenges 1-8, 12-29_
177
178
Make sure you have the following installed:
178
179
179
180
- minikube with docker (or comment out line 8 and work at your own k8s setup),
skipped 11 lines
191
192
192
193
## Cloud Challenges
193
194
194
-
_Can be used for challenges 1-28_
195
+
_Can be used for challenges 1-29_
195
196
196
197
**READ THIS**: Given that the exercises below contain IAM privilege escalation exercises,
197
198
never run this on an account which is related to your production environment or can influence your account-over-arching
skipped 24 lines
222
223
7. Create a container and push it to your registry
223
224
8. Override the K8s definition files for either [AWS](/aws/k8s/secret-challenge-vault-deployment.yml) or [GCP](/gcp/k8s/secret-challenge-vault-deployment.yml.tpl).
224
225
225
-
## Do you want to play without guidance?
226
+
## Do you want to play without guidanceorspoils?
226
227
227
228
Each challenge has a `Show hints` button and a `What's wrong?` button. These buttons help to simplify the challenges and give explanation to the reader. Though, the explanations can spoil the fun if you want to do this as a hacking exercise.
228
229
Therefore, you can manipulate them by overriding the following settings in your env:
229
230
230
231
- `hints_enabled=false` will turn off the `Show hints` button.
231
232
- `reason_enabled=false` will turn of the `What's wrong?` explanation button.
233
+
- `spoiling_enabled=false` will turn off the `/spoil-x` endpoint (where `x` is the number of the challenge).
234
+
235
+
## Enabling Swaggerdocs and UI
236
+
237
+
You can enable Swagger documentation and the Swagger UI by overriding the `SPRINGDOC_UI` and `SPRINGDOC_DOC` when running the Docker container. See our [Okteto Deployment](https://github.com/OWASP/wrongsecrets/blob/master/okteto/k8s/secret-challenge-deployment.yml) for more details.
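Review bot: the added Swagger paragraph names `SPRINGDOC_UI` and `SPRINGDOC_DOC` but does not say what kind of setting they are, which value enables them, or what the default is, so a reader has to open the linked Okteto deployment file to find out. State the values inline and say whether both are off by default, since this switch exposes API documentation while the settings just above it are about hiding information from players. In the same hunk, the paragraph that introduces the settings still mentions only the `Show hints` and `What's wrong?` buttons and not the `/spoil-x` endpoint that the new `spoiling_enabled=false` bullet controls. The new headings read "guidanceorspoils" and "Swaggerdocs" as shown here, and the context line "will turn of the" could be corrected to "off" in the same pass.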
<li>(The Apache Software License, Version 2.0) Plexus Interpolation API (org.codehaus.plexus:plexus-interpolation:1.14 - http://plexus.codehaus.org/plexus-components/plexus-interpolation)</li>
253
-
<li>(Apache License, Version 2.0) Plexus Common Utilities (org.codehaus.plexus:plexus-utils:3.5.0 - https://codehaus-plexus.github.io/plexus-utils/)</li>
253
+
<li>(Apache License, Version 2.0) Plexus Common Utilities (org.codehaus.plexus:plexus-utils:3.5.1 - https://codehaus-plexus.github.io/plexus-utils/)</li>
254
254
<li>(The BSD License) Stax2 API (org.codehaus.woodstox:stax2-api:4.2.1 - http://github.com/FasterXML/stax2-api)</li>
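Review bot: the plexus-utils entry in this license list now says 3.5.1, but no dependency change is visible in the lines shown here. Confirm the build actually resolves org.codehaus.plexus:plexus-utils:3.5.1, and if this list is generated, regenerate it as a whole instead of editing the one line so the remaining entries stay in sync with what ships.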