#!/usr/bin/env nix-shell
#!nix-shell -p vault -p jq -i bash
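# Fail fast: abort on any command error, on use of an unset variable, and on
# a failure in any stage of a pipeline.
set -euo pipefail

# The AppRole role name is interpolated into Vault API paths further down, so
# refuse an empty value or one containing "/" instead of letting it address a
# different path than the operator intended.
server_name_arg=${1:-}
if [[ -z "${server_name_arg}" || "${server_name_arg}" == */* ]]; then
  echo "usage: ${0##*/} <server-name>   (AppRole role name, must not contain '/')" >&2
  exit 2
fi
readonly server_name=${server_name_arg}

export VAULT_ADDR=https://vault.int.lukegb.com/

echo Checking login credentials... >&2
# Reuse the cached token while it is still valid; otherwise log in via OIDC.
# -no-print keeps the newly issued admin token off the terminal and out of any
# captured stderr; the token helper still stores it for the commands below.
vault token lookup >/dev/null || vault login -no-print -method=oidc role=admin >&2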
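echo Destroying existing secrets for that server... >&2

# List the accessors of every secret ID currently issued for this role.
# A non-zero exit from `vault list` is tolerated here, as the original
# `|| true` did (presumably because the command fails when the role has no
# secret IDs yet - confirm). It is reported so that a real API failure is
# visible to the operator.
if ! accessors_json=$(vault list -format=json "auth/approle/role/${server_name}/secret-id"); then
  echo "warning: could not list secret IDs for ${server_name}; assuming there are none to destroy" >&2
  accessors_json='[]'
fi

accessors=$(jq -r '.[]?' <<<"${accessors_json}") || {
  echo "error: could not parse the secret-id accessor list" >&2
  exit 1
}

# The loop reads from a here-string instead of a pipeline, so a failed destroy
# is no longer swallowed by a trailing `|| true`. Without this, the script
# would go on to issue a new secret ID while an old one stayed valid.
# Progress and Vault's own output go to stderr, like the other status lines,
# so stdout carries nothing but the wrapping token printed at the end.
while IFS= read -r secret_id_accessor; do
  [[ -n "${secret_id_accessor}" ]] || continue
  printf '\t%s\n' "${secret_id_accessor}" >&2
  vault write "auth/approle/role/${server_name}/secret-id-accessor/destroy" secret_id_accessor="${secret_id_accessor}" >&2 || {
    echo "error: failed to destroy secret-id accessor ${secret_id_accessor}; aborting before issuing a new secret" >&2
    exit 1
  }
done <<<"${accessors}"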
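echo Creating new secret... >&2
# Issue a new secret ID for the role, response-wrapped with a 3-minute TTL,
# and print only the wrapping token on stdout. The secret ID itself never
# appears in this script's output; the consumer unwraps it. A wrapping token
# is single-use, so an unwrap that fails on the consumer side should be
# treated as a sign that someone else may have unwrapped it first.
# jq -e exits non-zero when .wrap_info.token is missing or null, so a
# malformed response fails the script instead of emitting the string "null".
vault write -f -format=json -wrap-ttl=3m "auth/approle/role/${server_name}/secret-id" | jq -er '.wrap_info.token'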