ops/vault/reissue-secret-id: don't fail on systems with no pre-existing secrets

Luke Granger-Brown 2022-04-18 16:44:55 +01:00
parent 60e6ae8af5
commit 8b9c3494ff


@ -14,7 +14,7 @@ echo Destroying existing secrets for that server... >&2
vault list -format=json "auth/approle/role/${server_name}/secret-id" | jq -r '.[]' | while read -r secret_id_accessor; do vault list -format=json "auth/approle/role/${server_name}/secret-id" | jq -r '.[]' | while read -r secret_id_accessor; do
echo -ne "\t$secret_id_accessor\n" echo -ne "\t$secret_id_accessor\n"
vault write "auth/approle/role/${server_name}/secret-id-accessor/destroy" secret_id_accessor="${secret_id_accessor}" vault write "auth/approle/role/${server_name}/secret-id-accessor/destroy" secret_id_accessor="${secret_id_accessor}"
done done || true
echo Creating new secret... >&2 echo Creating new secret... >&2
vault write -f -format=json -wrap-ttl=3m "auth/approle/role/${server_name}/secret-id" | jq -r '.wrap_info.token' vault write -f -format=json -wrap-ttl=3m "auth/approle/role/${server_name}/secret-id" | jq -r '.wrap_info.token'
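Review bot: The `|| true` added after `done` swallows every failure in the pipeline, not only the empty-list case. A `vault list` that fails on permissions or connectivity, and any failed `secret-id-accessor/destroy` write inside the loop, now pass silently, because bash ignores errexit for everything on the left of `||`. The script then creates a new secret ID while older ones may still be valid, which undermines the reissue. I would limit the tolerance to the listing step and log when it is taken, so that a failed destroy still aborts. The shell options and the top of the script are outside the hunk, so this assumes `set -e` and `pipefail` are in effect, as the commit title suggests.

```shell
# Tolerate a failed/empty listing, but say so; destroy failures still abort.
if accessors_json=$(vault list -format=json "auth/approle/role/${server_name}/secret-id"); then
  printf '%s\n' "$accessors_json" | jq -r '.[]' | while read -r secret_id_accessor; do
    # … unchanged: echo the accessor and write secret-id-accessor/destroy …
  done
else
  echo "warning: could not list secret IDs for ${server_name} (none exist, or the list call failed)" >&2
fi
```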