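#!/usr/bin/env nix-shell
#!nix-shell -p vault -p jq -i bash
#
# Rotate the AppRole secret ID for one server.
#
# Usage: <this script> SERVER_NAME
#
# Destroys every existing secret ID of the AppRole role named SERVER_NAME,
# then issues a new secret ID and prints its response-wrapping token.
#
# Outputs: the wrapping token is the only thing written to stdout. Progress
#          messages and Vault CLI status output go to stderr, so stdout can be
#          captured or piped without picking up accessor IDs or status lines.
set -euo pipefail

# ${1:?...} rejects an empty name as well as a missing one; an empty name
# would otherwise produce the path "auth/approle/role//secret-id".
readonly server_name="${1:?usage: ${0##*/} SERVER_NAME}"

# The name is spliced into Vault API paths below, so a "/" in it would address
# a different endpoint than the one intended.
case "${server_name}" in
  */*)
    printf 'error: server name must not contain "/": %s\n' "${server_name}" >&2
    exit 2
    ;;
esac

export VAULT_ADDR=https://vault.int.lukegb.com/

echo Checking login credentials... >&2
# Reuse the cached token when it is still valid; otherwise log in via OIDC.
# NOTE(review): `vault login` prints the new token (here to stderr, i.e. the
# terminal); consider `-no-print` if terminal output is logged or shared.
vault token lookup >/dev/null || vault login -method=oidc role=admin >&2

echo Destroying existing secrets for that server... >&2
# NOTE(review): with pipefail, a non-zero exit from `vault list` aborts the
# script. Confirm how the CLI exits when the role has no secret IDs yet
# (first-time issuance) before relying on this for brand-new roles.
# NOTE: old secret IDs are destroyed before the replacement is issued, so if
# the final write fails the role is left with no valid secret ID until re-run.
vault list -format=json "auth/approle/role/${server_name}/secret-id" \
  | jq -r '.[]' \
  | while IFS= read -r secret_id_accessor; do
      # Diagnostics only: keep accessors and CLI status lines off stdout.
      printf '\t%s\n' "${secret_id_accessor}" >&2
      vault write "auth/approle/role/${server_name}/secret-id-accessor/destroy" \
        secret_id_accessor="${secret_id_accessor}" >&2
    done

echo Creating new secret... >&2
# -wrap-ttl=3m makes Vault return a response-wrapping token valid for three
# minutes instead of the secret ID itself, so the raw secret ID never appears
# in this script's output. jq -e turns a missing token into a non-zero exit
# rather than a silently successful "null".
vault write -f -format=json -wrap-ttl=3m \
  "auth/approle/role/${server_name}/secret-id" \
  | jq -er '.wrap_info.token'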