From 8c6c7af3f74b6b42466dbf9c3779f2185cecb375 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Mon, 14 Mar 2022 21:28:16 +0000
Subject: [PATCH] ops/vault: add reissue-secret-id utility
---
ops/vault/reissue-secret-id.sh | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100755 ops/vault/reissue-secret-id.sh
diff --git a/ops/vault/reissue-secret-id.sh b/ops/vault/reissue-secret-id.sh
new file mode 100755
index 0000000000..6ba9ff76bf
--- /dev/null
+++ b/ops/vault/reissue-secret-id.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -p vault -p jq -i bash
+
+set -euo pipefail
+
+readonly server_name=${1}
+
+export VAULT_ADDR=https://vault.int.lukegb.com/
+
+echo Checking login credentials... >&2
+vault token lookup >/dev/null || vault login -method=oidc role=admin >&2
+
+echo Creating new secret... >&2
+vault write -f -format=json auth/approle/role/${server_name}/secret-id | jq -r '.data.secret_id'
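Review bot: The role name taken from `$1` is expanded unquoted into the Vault path on the last added line, so an argument containing whitespace is split into extra `vault write` arguments and one containing `/` may address a different API path than the intended role; with no argument at all, `set -u` aborts with only a bare unbound-variable message. I would validate and quote it: `readonly server_name=${1:?usage: reissue-secret-id.sh SERVER_NAME}`, a check such as `[[ $server_name =~ ^[A-Za-z0-9][A-Za-z0-9_.-]*$ ]] || exit 2` (adjusted to the role naming in use), and `vault write -f -format=json "auth/approle/role/${server_name}/secret-id"`. Writing to `secret-id` issues an additional SecretID and, as far as this script shows, leaves earlier ones valid until their TTL or use count runs out, so a comment stating whether the previous SecretID is destroyed elsewhere would help anyone running this after a suspected leak. The new SecretID is printed to stdout, so a header comment noting that the output is a credential and should be piped straight to its destination rather than left in terminal scrollback would also be worth adding.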