ops/vault: add reissue-secret-id utility

2022-03-14 21:28:16 +00:00 · 2022-03-14 21:28:16 +00:00 · 8c6c7af3f7
commit 8c6c7af3f7
parent 262620f177
1 changed files with 14 additions and 0 deletions
--- a/ops/vault/reissue-secret-id.sh
+++ b/ops/vault/reissue-secret-id.sh
@ -0,0 +1,14 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -p vault -p jq -i bash
+
+set -euo pipefail
+
+readonly server_name=${1}
+
+export VAULT_ADDR=https://vault.int.lukegb.com/
+
+echo Checking login credentials... >&2
+vault token lookup >/dev/null || vault login -method=oidc role=admin >&2
+
+echo Creating new secret... >&2
+vault write -f -format=json auth/approle/role/${server_name}/secret-id | jq -r '.data.secret_id'