lukegb/depot
1
0
Fork 0
Code Issues 1 Pull requests Projects Packages Activity Actions

ops/vault/reissue-secret-id: don't fail on systems with no pre-existing secrets

Browse source
This commit is contained in:
Luke Granger-Brown 2022-04-18 16:44:55 +01:00
parent 60e6ae8af5
commit 8b9c3494ff
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
ops/vault/reissue-secret-id.sh
View file

@ -14,7 +14,7 @@ echo Destroying existing secrets for that server... >&2
vault list -format=json "auth/approle/role/${server_name}/secret-id" | jq -r '.[]' | while read -r secret_id_accessor; do
echo -ne "\t$secret_id_accessor\n"
vault write "auth/approle/role/${server_name}/secret-id-accessor/destroy" secret_id_accessor="${secret_id_accessor}"
done
done || true
echo Creating new secret... >&2
vault write -f -format=json -wrap-ttl=3m "auth/approle/role/${server_name}/secret-id" | jq -r '.wrap_info.token'