ops/vault: add reissue-secret-id utility
parent
262620f177
commit
8c6c7af3f7
1 changed files with 14 additions and 0 deletions
14
ops/vault/reissue-secret-id.sh
Executable file
14
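--- a/ops/vault/reissue-secret-id.sh
+++ b/ops/vault/reissue-secret-id.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -p vault -p jq -i bash
+
+set -euo pipefail
+
+readonly server_name=${1}
+
+export VAULT_ADDR=https://vault.int.lukegb.com/
+
+echo Checking login credentials... >&2
+vault token lookup >/dev/null || vault login -method=oidc role=admin >&2
+
+echo Creating new secret... >&2
+vault write -f -format=json auth/approle/role/${server_name}/secret-id | jq -r '.data.secret_id'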
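Review bot: `server_name` goes unquoted and unvalidated into the Vault path on the last line, in a session that may just have logged in with `role=admin`, so an argument containing `/` changes which endpoint is written and one containing whitespace splits into extra `vault write` arguments. Take it as `readonly server_name=${1:?usage: reissue-secret-id.sh SERVER_NAME}`, reject anything that is not a plain role name with a check such as `[[ $server_name =~ ^[A-Za-z0-9_.-]+$ ]] || exit 2`, and quote the path as `"auth/approle/role/${server_name}/secret-id"`. `jq -r` prints `null` and exits 0 when `.data.secret_id` is absent, so `jq -er` would make that case fail instead of handing a bogus value to the caller. The script only creates a secret-id and nothing visible here revokes earlier ones, so a header comment should state that previously issued secret-ids stay valid until they are destroyed or expire, and that the new credential is written to stdout.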