vault_cli.sh 1.7 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061
  1. #!/usr/bin/env sh
  2. # Here is a script to deploy cert to hashicorp vault
  3. # (https://www.vaultproject.io/)
  4. #
  5. # it requires the vault binary to be available in PATH, and the following
  6. # environment variables:
  7. #
  8. # VAULT_PREFIX - this contains the prefix path in vault
  9. # VAULT_ADDR - vault requires this to find your vault server
  10. #
  11. # additionally, you need to ensure that VAULT_TOKEN is avialable or
  12. # `vault auth` has applied the appropriate authorization for the vault binary
  13. # to access the vault server
  14. #returns 0 means success, otherwise error.
  15. ######## Public functions #####################
  16. #domain keyfile certfile cafile fullchain
  17. vault_cli_deploy() {
  18. _cdomain="$1"
  19. _ckey="$2"
  20. _ccert="$3"
  21. _cca="$4"
  22. _cfullchain="$5"
  23. _debug _cdomain "$_cdomain"
  24. _debug _ckey "$_ckey"
  25. _debug _ccert "$_ccert"
  26. _debug _cca "$_cca"
  27. _debug _cfullchain "$_cfullchain"
  28. # validate required env vars
  29. if [ -z "$VAULT_PREFIX" ]; then
  30. _err "VAULT_PREFIX needs to be defined (contains prefix path in vault)"
  31. return 1
  32. fi
  33. if [ -z "$VAULT_ADDR" ]; then
  34. _err "VAULT_ADDR needs to be defined (contains vault connection address)"
  35. return 1
  36. fi
  37. VAULT_CMD=$(which vault)
  38. if [ ! $? ]; then
  39. _err "cannot find vault binary!"
  40. return 1
  41. fi
  42. if [ -n "$FABIO" ]; then
  43. $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}" cert=@"$_cfullchain" key=@"$_ckey" || return 1
  44. else
  45. $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1
  46. $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1
  47. $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1
  48. $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1
  49. fi
  50. }