Commit | Line | Data |
---|---|---|
90e587a9 BB |
1 | #!/usr/bin/env sh |
2 | ||
3 | # Here is a script to deploy cert to hashicorp vault | |
4 | # (https://www.vaultproject.io/) | |
ac9f6e3a | 5 | # |
90e587a9 BB |
6 | # it requires the vault binary to be available in PATH, and the following |
7 | # environment variables: | |
ac9f6e3a | 8 | # |
90e587a9 BB |
9 | # VAULT_PREFIX - this contains the prefix path in vault |
10 | # VAULT_ADDR - vault requires this to find your vault server | |
11 | # | |
12 | # additionally, you need to ensure that VAULT_TOKEN is available or | |
13 | # `vault auth` has applied the appropriate authorization for the vault binary | |
14 | # to access the vault server | |
15 | ||
16 | # returns 0 on success, non-zero on error. | |
17 | ||
18 | ######## Public functions ##################### | |
19 | ||
20 | #domain keyfile certfile cafile fullchain | |
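vault_cli_deploy() {
  # Deploy hook: write an issued certificate and its private key to HashiCorp
  # Vault through the `vault` CLI.
  #
  # Arguments: domain keyfile certfile cafile fullchain
  # Environment:
  #   VAULT_PREFIX  required; prefix path in vault the entries are written under
  #   VAULT_ADDR    required; checked here, consumed by the vault binary itself
  #   FABIO         optional; when non-empty, one entry with the fields `cert`
  #                 (fullchain) and `key` is written at PREFIX/domain instead
  #                 of four separate entries
  # Returns 0 on success, 1 on a missing variable, a missing vault binary or
  # a failed write.
  #
  # NOTE(review): the private key ends up in vault next to the certificate, so
  # the token this runs with should be scoped to the paths under VAULT_PREFIX.

  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  # Only file paths are logged here, never file contents.
  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  # validate required env vars
  if [ -z "$VAULT_PREFIX" ]; then
    _err "VAULT_PREFIX needs to be defined (contains prefix path in vault)"
    return 1
  fi

  if [ -z "$VAULT_ADDR" ]; then
    _err "VAULT_ADDR needs to be defined (contains vault connection address)"
    return 1
  fi

  # The previous `[ ! $? ]` tested whether the string "$?" was empty, which it
  # never is, so a missing binary was not reported. Test the lookup itself.
  if ! VAULT_CMD=$(command -v vault) || [ -z "$VAULT_CMD" ]; then
    _err "cannot find vault binary!"
    return 1
  fi

  # `name=@file` makes the vault CLI read the value from the file, so the key
  # material is not placed on the command line.
  if [ -n "$FABIO" ]; then
    "$VAULT_CMD" kv put "${VAULT_PREFIX}/${_cdomain}" cert=@"$_cfullchain" key=@"$_ckey" || return 1
  else
    # The four writes are independent; a failure part-way through leaves the
    # earlier entries updated and the later ones unchanged.
    "$VAULT_CMD" kv put "${VAULT_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1
    "$VAULT_CMD" kv put "${VAULT_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1
    "$VAULT_CMD" kv put "${VAULT_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1
    "$VAULT_CMD" kv put "${VAULT_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1
  fi

}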