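#!/usr/bin/env nix-shell
#!nix-shell -p vault -p jq -i bash
#
# Provision a Vault AppRole for one server, plus a matching identity entity
# and an entity alias that ties the two together.
#
# Usage:    <script> <server_name>
# Env:      VAULT_ADDR is pinned below. An existing CLI token is reused;
#           otherwise an OIDC login (role=admin) is started.
# Outputs:  the approle mount accessor, the freshly generated secret_id and
#           the entity id, each on its own tab-indented stdout line.
set -euo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

# ensure_value NAME VALUE: abort when a jq lookup produced nothing usable.
# `jq -r` prints the literal string "null" for a missing key, which would
# otherwise be passed on to the later `vault write` calls as a real value.
ensure_value() {
  local name=$1 value=$2
  [[ -n "$value" && "$value" != null ]] || die "could not determine ${name}"
}

# Fail with a usage line instead of the bare "unbound variable" error.
[[ $# -eq 1 ]] || die "usage: ${0##*/} <server_name>"
readonly server_name=$1

# Pinned on purpose: this script only manages this one Vault instance.
export VAULT_ADDR=https://vault.int.lukegb.com/

echo Checking login credentials...
vault token lookup >/dev/null || vault login -method=oidc role=admin

echo Grabbing approle accessor...
APPROLE_ACCESSOR="$(vault auth list -format=json | jq -r '.["approle/"].accessor')"
ensure_value "approle accessor" "$APPROLE_ACCESSOR"
printf '\t%s\n' "$APPROLE_ACCESSOR"

echo Creating new approle...
# secret_id_num_uses=0, secret_id_ttl="" and token_max_uses=0 place no
# use-count or lifetime limit on the secret_id or on issued tokens; only the
# token TTLs below bound a leaked credential, so treat the printed secret_id
# as long-lived.
vault write "auth/approle/role/${server_name}" \
  secret_id_num_uses=0 \
  secret_id_ttl="" \
  token_ttl=20m \
  token_max_ttl=30m \
  token_policies="default,server" \
  token_max_uses=0

echo Setting role-id...
# The role_id is set to the server name instead of Vault's random default,
# so a server only needs its secret_id to be provisioned.
vault write "auth/approle/role/${server_name}/role-id" "role_id=${server_name}"

echo Creating new secret...
SECRET_ID="$(vault write -f -format=json "auth/approle/role/${server_name}/secret-id" | jq -r '.data.secret_id')"
ensure_value "secret_id" "$SECRET_ID"
# This is the only time the secret_id is shown; it goes to stdout, so keep
# scrollback/logs of this run out of reach of others.
printf '\t%s\n' "$SECRET_ID"

echo Creating entity...
# Writing an entity whose name already exists returns no id (jq yields
# "null"); ensure_value turns that into an explicit failure.
ENTITY_ID="$(vault write -format=json identity/entity \
  name="${server_name}" \
  policies="server" \
  metadata="server=${server_name}" | jq -r '.data.id')"
ensure_value "entity id" "$ENTITY_ID"
printf '\t%s\n' "$ENTITY_ID"

echo Creating entity alias...
# Links logins through this approle mount (by accessor) to the entity above.
vault write identity/entity-alias \
  "name=${server_name}" \
  "canonical_id=${ENTITY_ID}" \
  "mount_accessor=${APPROLE_ACCESSOR}"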