Commit | Line | Data |
---|---|---|
de692d3d SP |
1 | #!/usr/bin/env sh |
2 | ||
3 | # Here is a script to deploy cert to hashicorp vault using curl | |
4 | # (https://www.vaultproject.io/) | |
5 | # | |
6 | # it requires following environment variables: | |
7 | # | |
8 | # VAULT_PREFIX - this contains the prefix path in vault | |
9 | # VAULT_ADDR - vault requires this to find your vault server | |
10 | # | |
11 | # additionally, you need to ensure that VAULT_TOKEN is available | |
12 | # to access the vault server | |
13 | ||
14 | #returns 0 means success, otherwise error. | |
15 | ||
16 | ######## Public functions ##################### | |
17 | ||
18 | #domain keyfile certfile cafile fullchain | |
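# Succeeds only when every path given as an argument is readable.
# Reports the first unreadable path through _err and returns 1.
_vault_check_readable() {
  for _vault_file in "$@"; do
    if [ ! -r "$_vault_file" ]; then
      _err "Can not read $_vault_file"
      return 1
    fi
  done
  return 0
}

# Deploy a certificate and its key material to HashiCorp Vault.
#
# Arguments: domain keyfile certfile cafile fullchain
#
# Settings loaded with _getdeployconf and stored with _savedeployconf:
#   VAULT_PREFIX - prefix path in vault (required)
#   VAULT_ADDR   - vault connection address (required)
# Settings read from the environment only:
#   VAULT_TOKEN  - sent as the X-Vault-Token header; it is not passed to
#                  _savedeployconf here
#   VAULT_KV_V2  - when non-empty, each payload is wrapped in {"data": ...}
#   FABIO        - when non-empty, fullchain and key go into one secret at
#                  $VAULT_ADDR/v1/$VAULT_PREFIX/<domain>
#
# Returns 0 on success; 1 when a required setting is empty, a file to be
# uploaded is unreadable, or _post returns non-zero.
vault_deploy() {

  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  # At this point the variables hold file paths, so logging them is harmless.
  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  # validate required env vars
  _getdeployconf VAULT_PREFIX
  if [ -z "$VAULT_PREFIX" ]; then
    _err "VAULT_PREFIX needs to be defined (contains prefix path in vault)"
    return 1
  fi
  _savedeployconf VAULT_PREFIX "$VAULT_PREFIX"

  _getdeployconf VAULT_ADDR
  if [ -z "$VAULT_ADDR" ]; then
    _err "VAULT_ADDR needs to be defined (contains vault connection address)"
    return 1
  fi
  _savedeployconf VAULT_ADDR "$VAULT_ADDR"

  # Refuse to continue when a file that is about to be uploaded cannot be
  # read: an empty substitution below would otherwise overwrite the stored
  # secret with an empty value.
  if [ -n "$FABIO" ]; then
    _vault_check_readable "$2" "$5" || return 1
  else
    _vault_check_readable "$2" "$3" "$4" "$5" || return 1
  fi

  # JSON does not allow multiline strings.
  # So replacing new-lines with "\n" here
  # NOTE(review): sed -z is a GNU extension; confirm the target hosts have it.
  # From here on the variables hold file CONTENT (including the private key)
  # and must not be handed to _debug or any other logging helper.
  _ckey=$(sed -z 's/\n/\\n/g' <"$2")
  _ccert=$(sed -z 's/\n/\\n/g' <"$3")
  _cca=$(sed -z 's/\n/\\n/g' <"$4")
  _cfullchain=$(sed -z 's/\n/\\n/g' <"$5")

  URL="$VAULT_ADDR/v1/$VAULT_PREFIX/$_cdomain"
  # presumably _post picks up _H1 as a request header; verify against _post.
  # The exported value contains the token and stays in the environment.
  export _H1="X-Vault-Token: $VAULT_TOKEN"

  # Every request is checked: previously only the status of the last _post
  # reached the caller, so a partial upload could be reported as success.
  if [ -n "$FABIO" ]; then
    if [ -n "$VAULT_KV_V2" ]; then
      _post "{ \"data\": {\"cert\": \"$_cfullchain\", \"key\": \"$_ckey\"} }" "$URL" || return 1
    else
      _post "{\"cert\": \"$_cfullchain\", \"key\": \"$_ckey\"}" "$URL" || return 1
    fi
  else
    if [ -n "$VAULT_KV_V2" ]; then
      _post "{\"data\": {\"value\": \"$_ccert\"}}" "$URL/cert.pem" || return 1
      _post "{\"data\": {\"value\": \"$_ckey\"}}" "$URL/cert.key" || return 1
      _post "{\"data\": {\"value\": \"$_cca\"}}" "$URL/chain.pem" || return 1
      _post "{\"data\": {\"value\": \"$_cfullchain\"}}" "$URL/fullchain.pem" || return 1
    else
      _post "{\"value\": \"$_ccert\"}" "$URL/cert.pem" || return 1
      _post "{\"value\": \"$_ckey\"}" "$URL/cert.key" || return 1
      _post "{\"value\": \"$_cca\"}" "$URL/chain.pem" || return 1
      _post "{\"value\": \"$_cfullchain\"}" "$URL/fullchain.pem" || return 1
    fi
  fi

  return 0
}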