puneeth072003
diff --git a/‎.github/workflows/codeclimate_standalone.yml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/codeclimate_standalone.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/minikube-k8s-test.yml
Lines changed: 3 additions & 2 deletions b/‎.github/workflows/minikube-k8s-test.yml
Lines changed: 3 additions & 2 deletions
diff --git a/‎.github/workflows/minikube-vault-test.yml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/minikube-vault-test.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎.gitignore
Lines changed: 4 additions & 3 deletions b/‎.gitignore
Lines changed: 4 additions & 3 deletions
diff --git a/‎README.md
Lines changed: 43 additions & 4 deletions b/‎README.md
Lines changed: 43 additions & 4 deletions
diff --git a/‎aws/.terraform.lock.hcl
Lines changed: 145 additions & 0 deletions b/‎aws/.terraform.lock.hcl
Lines changed: 145 additions & 0 deletions
diff --git a/‎aws/README.md
Lines changed: 4 additions & 4 deletions b/‎aws/README.md
Lines changed: 4 additions & 4 deletions
diff --git a/‎aws/k8s-vault-aws-start.sh
Lines changed: 3 additions & 0 deletions b/‎aws/k8s-vault-aws-start.sh
Lines changed: 3 additions & 0 deletions
@@ -17,12 +17,12 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Run Code Climate
-        uses: erzz/[email protected].4
+        uses: erzz/[email protected].5
         with:
           html_report: true
           info_threshold: 50
           minor_threshold: 25
-          major_threshold: 10
+          major_threshold: 30
           critical_threshold: 5
           blocker_threshold: 1
 
 
@@ -21,11 +21,12 @@ jobs:
       - name: Start minikube
         uses: medyagh/setup-minikube@master
         with:
-          minikube-version: 1.28.0
+          minikube-version: 1.29.0
           driver: docker
-          kubernetes-version: v1.23.12
+          kubernetes-version: v1.25.6
       - name: test script
         run: |
+          kubectl apply -f k8s/workspace-psa.yml
           kubectl apply -f k8s/secrets-config.yml
           kubectl apply -f k8s/secrets-secret.yml
           kubectl apply -f k8s/secret-challenge-deployment.yml
 
@@ -22,9 +22,9 @@ jobs:
       - name: Start minikube
         uses: medyagh/setup-minikube@master
         with:
-          minikube-version: 1.28.0
+          minikube-version: 1.29.0
           driver: docker
-          kubernetes-version: v1.23.12
+          kubernetes-version: v1.25.6
       - name: Setup helm
         uses: azure/[email protected]
         id: install
 
@@ -25,7 +25,7 @@
 # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
 hs_err_pid*
 
-.DS_STORE
+.DS_Store
 target
 
 .vscode
@@ -43,8 +43,7 @@ root_token
 # Terraform
 kubeconfig_wrongsecrets-exercise-cluster
 .terraform
-.terraform.lock.hcl
-.terraform*
+.terraform
 terraform.tfstate*
 aws/terraform.tfstate.*
 aws/terraform.tfstate.backup
@@ -66,6 +65,8 @@ azure/k8s/pod-id.yml
 # Challenge 17
 .github/scripts/thirdkey.txt
 
+yourkey.txt
+
 # Node JS
 js/node/
 js/node_modules/
 
@@ -16,6 +16,40 @@ Can you solve all the 27 challenges?
 
 <a href="https://github.com/vshymanskyy/StandWithUkraine/blob/main/README.md"><img src="https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner2-no-action.svg" /></a>
 
+
+## Table of contents
+- [Support](#support)
+- [Basic docker exercises](#basic-docker-exercises)
+  - [Running these on Heroku](#running-these-on-heroku)
+  - [Deploying the app under your own heroku account](#deploying-the-app-under-your-own-heroku-account)
+  - [Running on Fly.io](#running-on-flyio)
+- [Basic K8s exercise](#basic-k8s-exercise)
+  - [Minikube based](#minikube-based)
+  - [k8s based](#k8s-based)
+  - [Okteto based](#okteto-based)
+  - [Vault exercises with minikube](#vault-exercises-with-minikube)
+- [Cloud Challenges](#cloud-challenges)
+  - [Running WrongSecrets in AWS](#running-wrongsecrets-in-aws)
+  - [Running WrongSecrets in GCP](#running-wrongsecrets-in-gcp)
+  - [Running WrongSecrets in Azure](#running-wrongsecrets-in-azure)
+  - [Running Challenge15 in your own cloud only](#running-challenge15-in-your-own-cloud-only)
+- [Do you want to play without guidance?](#do-you-want-to-play-without-guidance)
+- [Special thanks & Contributors](#special-thanks--contributors)
+- [Sponsorships](#sponsorships)
+- [Help Wanted](#help-wanted)
+- [Use OWASP WrongSecrets as a secret detection benchmark](#use-owasp-wrongsecrets-as-a-secret-detection-benchmark)
+- [CTF](#ctf)
+  - [CTFD Support](#ctfd-support)
+  - [FBCTF Support](#fbctf-support--experimental--)
+- [Notes on development](#notes-on-development)
+  - [Dependency management](#dependency-management)
+  - [Get the project started in IntelliJ IDEA](#get-the-project-started-in-intellij-idea)
+  - [Automatic reload during development](#automatic-reload-during-development)
+  - [How to add a Challenge](#how-to-add-a-challenge)
+  - [Local testing](#local-testing)
+- [Want to play, but are not allowed to install the tools?](#want-to-play-but-are-not-allowed-to-install-the-tools)
+- [Further reading on secrets management](#further-reading-on-secrets-management)
+
 ## Support
 
 Need support? Contact us
@@ -212,6 +246,7 @@ Top contributors:
 -   [Marcin Nowak @MarcinNowak-codes](https://github.com/MarcinNowak-codes)
 -   [Tibor Hercz @tiborhercz](https://github.com/tiborhercz)
 -   [Chris Elbring Jr. @neatzsche](https://github.com/neatzsche)
+-   [Puneeth Y @puneeth072003](https://github.com/puneeth072003)
 -   [Filip Chyla @fchyla](https://github.com/fchyla)
 -   [Dmitry Litosh @Dlitosh](https://github.com/Dlitosh)
 -   [Josh Grossman @tghosth](https://github.com/tghosth)
@@ -283,7 +318,7 @@ We have 3 ways of playing CTFs:
 Want to use CTFD to play a CTF based on the free Heroku wrongsecrets-ctf instance together with CTFD? You can!
 
 NOTE: CTFD support now works based on the [Juiceshop CTF CLI](https://github.com/juice-shop/juice-shop-ctf).
-NOTE-II: [https://wrongsecrets-ctf.herokuapp.com](https://wrongsecrets-ctf.herokuapp.com) is based on a free heroku instance, which takes time to warm up.
+NOTE-II: [https://wrongsecrets-ctf.herokuapp.com](https://wrongsecrets-ctf.herokuapp.com) (temporary down based on lack of oss credits) is based on a free heroku instance, which takes time to warm up.
 Initial creation of the zip file for CTFD requires you to visit [https://wrongsecrets-ctf.herokuapp.com/api/Challenges](https://wrongsecrets-ctf.herokuapp.com/api/Challenges) once before executing the steps below.
 
 Follow the following steps:
@@ -313,16 +348,16 @@ For development on local machine use the `local` profile `./mvnw spring-boot:run
 If you want to test against vault without K8s: start vault locally with
 
 ```shell
- export VAULT_ADDR='http://127.0.0.1:8200'
+ export SPRING_CLOUD_VAULT_URI='http://127.0.0.1:8200'
  export VAULT_API_ADDR='http://127.0.0.1:8200'
  vault server -dev
 ```
 
 and in your next terminal, do (with the token from the previous commands):
 
 ```shell
-export VAULT_ADDR='http://127.0.0.1:8200'
-export VAULT_TOKEN='<TOKENHERE>'
+export SPRING_CLOUD_VAULT_URI='http://127.0.0.1:8200'
+export SPRING_CLOUD_VAULT_TOKEN='<TOKENHERE>'
 vault token create -id="00000000-0000-0000-0000-000000000000" -policy="root"
 vault kv put secret/secret-challenge vaultpassword.password="$(openssl rand -base64 16)"
 ```
@@ -359,6 +394,8 @@ Requirements: make sure you have the following tools installed: [Docker](https:/
 7. Now go to the run configuration of the app and make sure you have the active profile `without-vault`. This is done by setting the VM options arguments to `-Dserver.port=8080 -Dspring.profiles.active=local,without-vault`. Set `K8S_ENV=docker` as environment argument.
 8. Repeat step 6: run the app again, you should have a properly running application which is visitable in your browser at http://localhost:8080.
 
+**Pictorial Guide** on how to get the project started in IntelliJ IDEA is available at [*Contributing.md*](https://github.com/OWASP/wrongsecrets/blob/master/CONTRIBUTING.md#how-to-get-started-with-the-project-in-intellij-idea).
+
 Feel free to edit and propose changes via pull requests. Be sure to follow our guidance in the [documentation](https://github.com/OWASP/wrongsecrets/blob/master/CONTRIBUTING.md) to get your work accepted.
 
 Please note that we officially only support Linux and MacOS for development. If you want to develop using a Windows machine, use WSL2 or a virtual machine running Linux. We did include Windows detection & a bunch of `exe` files for a first experiment, but are looking for active maintainers of them. Want to make sure it runs on Windows? Create PRs ;-).
@@ -385,6 +422,8 @@ Follow the steps below on adding a challenge:
 4. Don't forget to add `@Order` annotation to your challenge ;-).
 5. Review the [CONTRIBUTING guide](CONTRIBUTING.md) for setting up your contributing environment and writing good commit messages.
 
+For more details please refer [*Contributing.md*](https://github.com/OWASP/wrongsecrets/blob/master/CONTRIBUTING.md#how-to-add-a-challenge).
+
 If you want to move existing cloud challenges to another cloud: extend Challenge classes in the `org.owasp.wrongsecrets.challenges.cloud` package and make sure you add the required Terraform in a folder with the separate cloud identified. Make sure that the environment is added to `org.owasp.wrongsecrets.RuntimeEnvironment`.
 Collaborate with the others at the project to get your container running so you can test at the cloud account.
 
 
@@ -111,9 +111,9 @@ The documentation below is auto-generated to give insight on what's created via
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4.56.0 |
-| <a name="provider_http"></a> [http](#provider\_http) | ~> 3.2.1 |
-| <a name="provider_random"></a> [random](#provider\_random) | ~> 3.4.3 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.56.0 |
+| <a name="provider_http"></a> [http](#provider\_http) | 3.2.1 |
+| <a name="provider_random"></a> [random](#provider\_random) | 3.4.3 |
 
 ## Modules
 
@@ -154,7 +154,7 @@ The documentation below is auto-generated to give insight on what's created via
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | The EKS cluster name | `string` | `"wrongsecrets-exercise-cluster"` | no |
-| <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | The EKS cluster version to use | `string` | `"1.23"` | no |
+| <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | The EKS cluster version to use | `string` | `"1.25"` | no |
 | <a name="input_region"></a> [region](#input\_region) | The AWS region to use | `string` | `"eu-west-1"` | no |
 
 ## Outputs
 
@@ -12,6 +12,9 @@ AWS_REGION="eu-west-1"
 echo "This is a script to bootstrap the configuration. You need to have installed: helm, kubectl, jq, vault, grep, cat, sed, and awscli, and is only tested on mac, Debian and Ubuntu"
 echo "This script is based on the steps defined in https://learn.hashicorp.com/tutorials/vault/kubernetes-minikube. Vault is awesome!"
 
+echo "Setting up workspace PSA to restricted for default"
+kubectl apply -f ../k8s/workspace-psa.yml
+
 kubectl get configmaps | grep 'secrets-file' &>/dev/null
 if [ $? == 0 ]; then
   echo "secrets config is already installed"