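#!/usr/bin/env bash
# Bootstrap a single-node development Vault: initialise it on first run,
# unseal it, and provision a kv-v2 mount plus an AppRole whose credentials
# are dropped under /helpers for other local components to pick up.
#
# Reads:   /helpers/keys.json (left by an earlier run, if any),
#          /helpers/admin-policy.hcl
# Writes:  /helpers/keys.json, /helpers/role_id, /helpers/secret_id
# Env:     VAULT_PRINT_ROOT_TOKEN — set to 0 to suppress the final
#          "VAULT_TOKEN=..." line (default prints it, as before).
#
# SECURITY: this is a dev-only bootstrap. It keeps the root token and the
# single unseal key in plaintext on disk, talks to Vault over plain HTTP,
# uses a 1-of-1 unseal share, and passes secrets on the command line
# (visible in `ps` to anyone on the same host). Do not reuse it as-is for
# anything but a throwaway local instance.
set -euo pipefail

readonly HELPERS_DIR=/helpers
readonly KEYS_FILE="${HELPERS_DIR}/keys.json"
readonly VAULT_LOCAL_URL=http://127.0.0.1:8200

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

# Print the root token recorded in keys.json, or nothing when the file is
# absent or has no non-null root_token (e.g. a saved error response).
# A malformed keys.json makes jq fail, which aborts the script under -e:
# better than re-initialising and overwriting the only copy of the keys.
read_root_token() {
  [[ -r "$KEYS_FILE" ]] || return 0
  jq -r '.root_token // empty' "$KEYS_FILE"
}

# Block (bounded) until the listener answers. /sys/health returns 501/503
# for uninitialised/sealed, which curl still counts as a reachable server;
# only a refused/absent connection makes it fail.
wait_for_vault() {
  local attempt
  for ((attempt = 0; attempt < 30; attempt++)); do
    if curl -sS -o /dev/null "${VAULT_LOCAL_URL}/v1/sys/health"; then
      return 0
    fi
    sleep 1
  done
  die "vault did not answer at ${VAULT_LOCAL_URL}"
}

# Initialise Vault with a single unseal share and store the response as
# keys.json. Written via a 0600 temp file and renamed, so a failed request
# (curl --fail, e.g. "already initialized") never replaces an existing file.
init_vault() {
  local tmp
  tmp=$(mktemp "${KEYS_FILE}.XXXXXX") || die "mktemp failed in ${HELPERS_DIR}"
  if ! curl -sS --fail --request POST \
       --data '{"secret_shares": 1, "secret_threshold": 1}' \
       "${VAULT_LOCAL_URL}/v1/sys/init" > "$tmp"; then
    rm -f -- "$tmp"
    die "vault init request failed"
  fi
  mv -- "$tmp" "$KEYS_FILE"
}

# Unseal with the single share from keys.json, then log in as root.
# Globals read: root_token, KEYS_FILE, VAULT_ADDR. Exports VAULT_TOKEN.
# Note: `vault login` also caches the root token in ~/.vault-token, and both
# the unseal key and the token travel as process arguments (dev-only).
unseal_vault() {
  local unseal_key
  export VAULT_TOKEN=$root_token
  unseal_key=$(jq -r '.keys[0] // empty' "$KEYS_FILE")
  [[ -n "$unseal_key" ]] || die "no unseal key found in ${KEYS_FILE}"
  vault operator unseal -address="${VAULT_ADDR}" "$unseal_key"
  vault login token="$VAULT_TOKEN"
}

# First-run provisioning: kv-v2 mount, AppRole auth, and a role whose
# role_id/secret_id are written to /helpers for consumers of this volume.
# NOTE(review): "dev-role" is bound to admin-policy — scope it down before
# this leaves local development. The role files keep the default umask so
# existing readers on the shared volume are unaffected; tighten once their
# uid is known.
provision_dev_role() {
  vault secrets enable -version=2 kv
  vault auth enable approle
  vault policy write admin-policy "${HELPERS_DIR}/admin-policy.hcl"
  vault write auth/approle/role/dev-role token_policies="admin-policy"
  vault read -format=json auth/approle/role/dev-role/role-id \
    | jq -r '.data.role_id' > "${HELPERS_DIR}/role_id"
  vault write -format=json -f auth/approle/role/dev-role/secret-id \
    | jq -r '.data.secret_id' > "${HELPERS_DIR}/secret_id"
}

main() {
  apk add --no-cache jq curl

  export VAULT_ADDR=http://localhost:8200

  wait_for_vault
  root_token=$(read_root_token)

  if [[ -n "$root_token" ]]; then
    echo "Vault already initialized"
    unseal_vault
  else
    echo "Vault not initialized"
    init_vault
    root_token=$(read_root_token)
    [[ -n "$root_token" ]] || die "init response in ${KEYS_FILE} has no root_token"
    unseal_vault
    provision_dev_role
  fi

  # Printing the root token to stdout lands it in container/CI logs. Kept on
  # by default for compatibility with existing callers; opt out with
  # VAULT_PRINT_ROOT_TOKEN=0.
  if [[ "${VAULT_PRINT_ROOT_TOKEN:-1}" != "0" ]]; then
    printf "\n\nVAULT_TOKEN=%s\n\n" "$VAULT_TOKEN"
  fi
}

main "$@"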