#!/usr/bin/env nix-shell
#!nix-shell -p vault -p jq -i bash

set -euo pipefail

readonly server_name=${1}

export VAULT_ADDR=https://vault.int.lukegb.com/

echo Checking login credentials... >&2
vault token lookup >/dev/null || vault login -method=oidc role=admin >&2

echo Creating new secret... >&2
vault write -f -format=json auth/approle/role/${server_name}/secret-id | jq -r '.data.secret_id'