~damien/infrastructure

b3ee077f9f7212c21bf0f52b19525608412abb25 — Damien Radtke 6 months ago ae6cae9
Add artifacts
2 files changed, 40 insertions(+), 0 deletions(-)

M README.md
A artifacts/vault-write-certs.sh
M README.md => README.md +1 -0
@@ 6,6 6,7 @@ Terraform and running on Linode with openSUSE.

## Folder overview

- `artifacts`: Miscellaneous runtime artifacts, intended to be accessible via Minio, S3, or similar
- `certs`: Consul, Nomad, and Vault all communicate over SSL with their own
  certificate authorities, whose certificates are defined here.
- `config`: Various configuration files, mostly for Consul, Nomad, and Vault.

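--- a/artifacts/vault-write-certs.sh
+++ b/artifacts/vault-write-certs.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+  
+set -o errexit
+set -o nounset
+set -o pipefail
+
+DOMAIN=""
+CERT_PATH=""
+KEY_PATH=""
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --domain) DOMAIN="$2"; shift 2;;
+    --cert-path) CERT_PATH="$2"; shift 2;;
+    --key-path) KEY_PATH="$2"; shift 2;;
+    *) echo "unknown option: $1"; exit 1;;
+  esac
+done
+
+CERT="$(cat "${CERT_PATH}")"
+KEY="$(cat "${KEY_PATH}")"
+DATA="$(jq --null-input --compact-output --arg cert "${CERT}" --arg key "${KEY}" '{"data":{"cert": $cert, "key": $key}}')"
+
+URL="https://vault.service.consul:8200/v1/secret/data/fabio/certs/${DOMAIN}"
+echo "[vault-write-certs.sh] Saving cert and key to ${URL}"
+
+curl --cacert /etc/ssl/vault/ca.pem \
+  --header "X-Vault-Token: ${VAULT_TOKEN}" \
+  --header "Content-Type: application/json" \
+  --request POST \
+  --data "${DATA}" \
+  "${URL}"
+
+exit_status=$?
+
+echo "[vault-write-certs.sh] curl exited with status: ${exit_status}"
+exit ${exit_status}
+
+# vim: set expandtab tabstop=2 shiftwidth=2: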
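Review bot: The private key and the Vault token are both passed as command-line arguments — `--arg key "${KEY}"` on the jq line, then `--data "${DATA}"` and `--header "X-Vault-Token: ${VAULT_TOKEN}"` on the curl call — so they are visible in the process list to other local users while the script runs (unless /proc is restricted). Have jq read the files itself and stream the JSON to curl on stdin, with the token header supplied through a process substitution, as sketched below; `--rawfile` needs jq 1.6+ and `--header @file` needs curl 7.55+, and `--rawfile` keeps the trailing newline that `$(cat …)` strips. curl also runs without `--fail`, so a 403 or 500 from Vault still exits 0 and the script reports success. Because `errexit` is on, a failing curl ends the script before `exit_status=$?`, so the status line can only ever print 0.

```shell
# … unchanged: strict mode, option parsing …

# … unchanged: URL assignment and "Saving cert and key" message …
jq --null-input --compact-output \
  --rawfile cert "${CERT_PATH}" \
  --rawfile key "${KEY_PATH}" \
  '{"data":{"cert": $cert, "key": $key}}' \
  | curl --fail \
      --cacert /etc/ssl/vault/ca.pem \
      --header @<(printf 'X-Vault-Token: %s\n' "${VAULT_TOKEN}") \
      --header "Content-Type: application/json" \
      --request POST \
      --data @- \
      "${URL}"
```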