1 #!/usr/bin/env sh
2
3 # Here is a script to deploy cert to hashicorp vault using curl
4 # (https://www.vaultproject.io/)
5 #
6 # it requires following environment variables:
7 #
8 # VAULT_PREFIX - this contains the prefix path in vault
9 # VAULT_ADDR - vault requires this to find your vault server
10 #
11 # additionally, you need to ensure that VAULT_TOKEN is available
12 # to access the vault server
13
14 #returns 0 means success, otherwise error.
15
16 ######## Public functions #####################
17
18 #domain keyfile certfile cafile fullchain
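# Deploy the certificate files of one domain to HashiCorp Vault via _post.
# Arguments: $1 domain, $2 key file, $3 cert file, $4 CA file, $5 fullchain file
# Config:    VAULT_PREFIX, VAULT_ADDR - required; loaded with _getdeployconf
#              and written back with _savedeployconf
#            VAULT_TOKEN - required; read from the environment only and
#              never saved by this function
#            FABIO - if non-empty, write one secret at the domain path that
#              holds the fullchain ("cert") and the key ("key")
#            VAULT_KV_V2 - if non-empty, wrap every payload in {"data": ...}
# Returns:   0 on success; 1 on missing configuration, an unreadable input
#            file, or as soon as one _post call reports failure
vault_deploy() {

  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  # At this point the variables still hold file paths, so the debug output
  # below contains no key material.
  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  # validate required env vars
  _getdeployconf VAULT_PREFIX
  if [ -z "$VAULT_PREFIX" ]; then
    _err "VAULT_PREFIX needs to be defined (contains prefix path in vault)"
    return 1
  fi
  _savedeployconf VAULT_PREFIX "$VAULT_PREFIX"

  # NOTE(review): the scheme of VAULT_ADDR is not checked here; with a plain
  # http:// address the token and the private key would travel unencrypted.
  _getdeployconf VAULT_ADDR
  if [ -z "$VAULT_ADDR" ]; then
    _err "VAULT_ADDR needs to be defined (contains vault connection address)"
    return 1
  fi
  _savedeployconf VAULT_ADDR "$VAULT_ADDR"

  # The token is a documented requirement; stop with a clear error instead of
  # sending the private key in requests that carry an empty token header.
  if [ -z "$VAULT_TOKEN" ]; then
    _err "VAULT_TOKEN needs to be defined (token used to access the vault server)"
    return 1
  fi

  # JSON does not allow multiline strings, so newlines are replaced with "\n".
  # A failed read aborts the deploy: continuing would send an empty value to
  # Vault for that secret. Key and fullchain are needed in every mode.
  if ! _ckey=$(_vault_pem_oneline "$2"); then
    _err "Can not read key file: $2"
    return 1
  fi
  if ! _cfullchain=$(_vault_pem_oneline "$5"); then
    _err "Can not read fullchain file: $5"
    return 1
  fi

  URL="$VAULT_ADDR/v1/$VAULT_PREFIX/$_cdomain"
  # NOTE(review): presumably _post picks the request header up from _H1.
  # _H1 stays exported after this function returns - confirm that later HTTP
  # calls to other hosts reset it, so the Vault token is not sent elsewhere.
  export _H1="X-Vault-Token: $VAULT_TOKEN"

  # Every _post is checked so that one failed write is not hidden by a later
  # successful one.
  # NOTE(review): whether _post reports HTTP error statuses as a failure is not
  # visible here - confirm against its implementation.
  if [ -n "$FABIO" ]; then
    if [ -n "$VAULT_KV_V2" ]; then
      _post "{ \"data\": {\"cert\": \"$_cfullchain\", \"key\": \"$_ckey\"} }" "$URL" || return 1
    else
      _post "{\"cert\": \"$_cfullchain\", \"key\": \"$_ckey\"}" "$URL" || return 1
    fi
  else
    # The separate cert and CA files are only uploaded in this mode.
    if ! _ccert=$(_vault_pem_oneline "$3"); then
      _err "Can not read cert file: $3"
      return 1
    fi
    if ! _cca=$(_vault_pem_oneline "$4"); then
      _err "Can not read CA file: $4"
      return 1
    fi

    if [ -n "$VAULT_KV_V2" ]; then
      _post "{\"data\": {\"value\": \"$_ccert\"}}" "$URL/cert.pem" || return 1
      _post "{\"data\": {\"value\": \"$_ckey\"}}" "$URL/cert.key" || return 1
      _post "{\"data\": {\"value\": \"$_cca\"}}" "$URL/chain.pem" || return 1
      _post "{\"data\": {\"value\": \"$_cfullchain\"}}" "$URL/fullchain.pem" || return 1
    else
      _post "{\"value\": \"$_ccert\"}" "$URL/cert.pem" || return 1
      _post "{\"value\": \"$_ckey\"}" "$URL/cert.key" || return 1
      _post "{\"value\": \"$_cca\"}" "$URL/chain.pem" || return 1
      _post "{\"value\": \"$_cfullchain\"}" "$URL/fullchain.pem" || return 1
    fi
  fi

  return 0
}

# Print file "$1" with every newline replaced by the two characters "\n", so
# the content can be placed inside a JSON string. Returns non-zero when the
# file cannot be opened.
# Only newlines are rewritten: a '"' or '\' in the file would still produce
# invalid JSON (PEM data does not normally contain either).
# NOTE(review): "sed -z" is not part of POSIX sed - confirm it is supported on
# every platform this hook is expected to run on.
_vault_pem_oneline() {
  sed -z 's/\n/\\n/g' <"$1"
}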