~damien/infrastructure

infrastructure/artifacts/vault-write-certs.sh -rwxr-xr-x 974 bytes
b481ba41 — Damien Radtke Suppress cluster env output if non-interactive 6 days ago
                                                                                
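#!/usr/bin/env bash
#
# vault-write-certs.sh: store a TLS certificate and its private key in Vault
# under secret/data/fabio/certs/<domain>.
#
# Usage:
#   vault-write-certs.sh --domain DOMAIN --cert-path FILE --key-path FILE
#
# Environment:
#   VAULT_TOKEN  token sent in the X-Vault-Token header (required)
#
# Handling of secret material:
#   - The private key and the Vault token are never placed on a command line
#     (argv is readable by other local users through ps and /proc). jq reads
#     the PEM files itself via --rawfile, curl reads the request body from
#     stdin and the token header from a file descriptor.
#   - curl runs with --fail so that an HTTP error from Vault (for example 403
#     on a token without write access) produces a non-zero exit status instead
#     of being reported as a successful write.
#
# Requires: jq with --rawfile, curl with "--header @file" support (7.55.0+).

set -o errexit
set -o nounset
set -o pipefail

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

DOMAIN=""
CERT_PATH=""
KEY_PATH=""

while [[ $# -gt 0 ]]; do
  case "$1" in
    --domain | --cert-path | --key-path)
      # Give a readable error instead of nounset's "unbound variable" when the
      # option value is missing.
      [[ $# -ge 2 ]] || die "[vault-write-certs.sh] option $1 requires a value"
      case "$1" in
        --domain) DOMAIN="$2" ;;
        --cert-path) CERT_PATH="$2" ;;
        --key-path) KEY_PATH="$2" ;;
      esac
      shift 2
      ;;
    *) die "unknown option: $1" ;;
  esac
done

# DOMAIN becomes a path segment of the Vault URL. Restrict it to hostname
# characters (plus '*' for wildcard names) so it cannot add path segments,
# a query string or dot-segments and redirect the write to another secret.
readonly DOMAIN_RE='^[A-Za-z0-9.*_-]+$'
if [[ ! "${DOMAIN}" =~ ${DOMAIN_RE} || "${DOMAIN}" == "." || "${DOMAIN}" == ".." ]]; then
  die "[vault-write-certs.sh] --domain is missing or contains characters outside [A-Za-z0-9.*_-]"
fi
[[ -n "${CERT_PATH}" && -r "${CERT_PATH}" ]] \
  || die "[vault-write-certs.sh] --cert-path is missing or not readable"
[[ -n "${KEY_PATH}" && -r "${KEY_PATH}" ]] \
  || die "[vault-write-certs.sh] --key-path is missing or not readable"
: "${VAULT_TOKEN:?[vault-write-certs.sh] VAULT_TOKEN must be set}"

# Build the KV v2 payload. --rawfile makes jq read the PEM files directly, so
# the key never appears in jq's argv. rstrip drops trailing newlines so the
# stored values stay identical to what "$(cat file)" produced before.
DATA="$(jq --null-input --compact-output \
  --rawfile cert "${CERT_PATH}" \
  --rawfile key "${KEY_PATH}" \
  'def rstrip: if endswith("\n") then .[:-1] | rstrip else . end;
   {"data":{"cert": ($cert | rstrip), "key": ($key | rstrip)}}')"

URL="https://vault.service.consul:8200/v1/secret/data/fabio/certs/${DOMAIN}"
echo "[vault-write-certs.sh] Saving cert and key to ${URL}"

# printf is a shell builtin, so neither the payload nor the token shows up in
# any process's argument list. "|| exit_status=$?" keeps errexit from ending
# the script before the status line below is printed.
exit_status=0
printf '%s' "${DATA}" \
  | curl --cacert /etc/ssl/vault/ca.pem \
    --fail \
    --header @<(printf 'X-Vault-Token: %s\n' "${VAULT_TOKEN}") \
    --header "Content-Type: application/json" \
    --request POST \
    --data @- \
    "${URL}" \
  || exit_status=$?

echo "[vault-write-certs.sh] curl exited with status: ${exit_status}"
exit "${exit_status}"

# vim: set expandtab tabstop=2 shiftwidth=2: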