Obtain vault token from approle auth using VAULT_ROLE_ID and VAULT_ROLE_SECRET env vars.
pull/3182/head
Stéphane Cottin
4 years ago
No known key found for this signature in database
GPG Key ID: 94ACF3717D74E1CC
1 changed files with
13 additions and
0 deletions
-
deploy/vault_cli.sh
|
@ -12,6 +12,10 @@ |
|
|
# additionally, you need to ensure that VAULT_TOKEN is avialable or |
|
|
# additionally, you need to ensure that VAULT_TOKEN is avialable or |
|
|
# `vault auth` has applied the appropriate authorization for the vault binary |
|
|
# `vault auth` has applied the appropriate authorization for the vault binary |
|
|
# to access the vault server |
|
|
# to access the vault server |
|
|
|
|
|
# |
|
|
|
|
|
# If VAULT_ROLE_ID and VAULT_ROLE_SECRET are available, get a valid token using the |
|
|
|
|
|
# vault approle authentication method. |
|
|
|
|
|
# https://www.vaultproject.io/docs/auth/approle |
|
|
|
|
|
|
|
|
#returns 0 means success, otherwise error. |
|
|
#returns 0 means success, otherwise error. |
|
|
|
|
|
|
|
@ -49,6 +53,15 @@ vault_cli_deploy() { |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
if [ -n "$VAULT_ROLE_ID" ]; then |
|
|
|
|
|
export VAULT_TOKEN=$(vault write -field=token auth/approle/login \ |
|
|
|
|
|
role_id="$VAULT_ROLE_ID" secret_id="$VAULT_ROLE_SECRET") |
|
|
|
|
|
if [ ! $? ]; then |
|
|
|
|
|
_err "cannot login to vault approle ${VAULT_ROLE_ID}!" |
|
|
|
|
|
return 1 |
|
|
|
|
|
fi |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
if [ -n "$FABIO" ]; then |
|
|
if [ -n "$FABIO" ]; then |
|
|
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}" cert=@"$_cfullchain" key=@"$_ckey" || return 1 |
|
|
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}" cert=@"$_cfullchain" key=@"$_ckey" || return 1 |
|
|
else |
|
|
else |
|
|
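Review bot: The failure check `if [ ! $? ]` after the approle login can never fire: `[ ! $? ]` only tests whether the string `$?` is empty, which it never is, and `export VAULT_TOKEN=$(...)` returns the status of `export` rather than of `vault write` in any case. A rejected login therefore leaves VAULT_TOKEN empty and the function continues to the `$VAULT_CMD write` calls instead of returning 1. Test the assignment itself with `if ! VAULT_TOKEN=$(vault write -field=token auth/approle/login ...); then`, and run `export VAULT_TOKEN` after the inner `fi`. Separately, `secret_id="$VAULT_ROLE_SECRET"` is passed as an argument and is visible in the process list while the login runs; the vault CLI reads the value from stdin when given `secret_id=-`, and the login could call `$VAULT_CMD` like the writes below it, assuming it is already set at this point. The body of vault_cli_deploy starts and ends outside the hunk.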