3 # Here is a script to deploy cert to hashicorp vault using curl
4 # (https://www.vaultproject.io/)
6 # it requires following environment variables:
8 # VAULT_PREFIX - this contains the prefix path in vault
9 # VAULT_ADDR - vault requires this to find your vault server
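11 # additionally, you need to ensure that VAULT_TOKEN is available
12 # to access the vault server; it is sent as the X-Vault-Token header on every request, so VAULT_ADDR should be an https:// address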
14 # returns 0 on success, non-zero on error.
16 ######## Public functions #####################
18 #domain keyfile certfile cafile fullchain
27 _debug _cdomain
"$_cdomain"
29 _debug _ccert
"$_ccert"
31 _debug _cfullchain
"$_cfullchain"
33 # validate required env vars
34 _getdeployconf VAULT_PREFIX
35 if [ -z "$VAULT_PREFIX" ]; then
36 _err
"VAULT_PREFIX needs to be defined (contains prefix path in vault)"
39 _savedeployconf VAULT_PREFIX
"$VAULT_PREFIX"
41 _getdeployconf VAULT_ADDR
42 if [ -z "$VAULT_ADDR" ]; then
43 _err
"VAULT_ADDR needs to be defined (contains vault connection address)"
46 _savedeployconf VAULT_ADDR
"$VAULT_ADDR"
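48 # JSON strings cannot contain raw newlines,
49 # so each newline is replaced with the two-character escape "\n" here (nothing else is escaped, so the input files are assumed to be plain PEM)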
50 _ckey
=$
(sed -z 's/\n/\\n/g' <"$2")
51 _ccert
=$
(sed -z 's/\n/\\n/g' <"$3")
52 _cca
=$
(sed -z 's/\n/\\n/g' <"$4")
53 _cfullchain
=$
(sed -z 's/\n/\\n/g' <"$5")
55 URL
="$VAULT_ADDR/v1/$VAULT_PREFIX/$_cdomain"
56 export _H1
="X-Vault-Token: $VAULT_TOKEN"
58 if [ -n "$FABIO" ]; then
59 if [ -n "$VAULT_KV_V2" ]; then
60 _post
"{ \"data\": {\"cert\": \"$_cfullchain\", \"key\": \"$_ckey\"} }" "$URL"
62 _post
"{\"cert\": \"$_cfullchain\", \"key\": \"$_ckey\"}" "$URL"
65 if [ -n "$VAULT_KV_V2" ]; then
66 _post
"{\"data\": {\"value\": \"$_ccert\"}}" "$URL/cert.pem"
67 _post
"{\"data\": {\"value\": \"$_ckey\"}}" "$URL/cert.key"
68 _post
"{\"data\": {\"value\": \"$_cca\"}}" "$URL/chain.pem"
69 _post
"{\"data\": {\"value\": \"$_cfullchain\"}}" "$URL/fullchain.pem"
71 _post
"{\"value\": \"$_ccert\"}" "$URL/cert.pem"
72 _post
"{\"value\": \"$_ckey\"}" "$URL/cert.key"
73 _post
"{\"value\": \"$_cca\"}" "$URL/chain.pem"
74 _post
"{\"value\": \"$_cfullchain\"}" "$URL/fullchain.pem"