]>
git.proxmox.com Git - mirror_acme.sh.git/blob - deploy/vault_cli.sh
3 # Here is a script to deploy cert to hashicorp vault
4 # (https://www.vaultproject.io/)
6 # it requires the vault binary to be available in PATH, and the following
7 # environment variables:
9 # VAULT_PREFIX - this contains the prefix path in vault
10 # VAULT_ADDR - vault requires this to find your vault server
12 # additionally, you need to ensure that VAULT_TOKEN is avialable or
13 # `vault auth` has applied the appropriate authorization for the vault binary
14 # to access the vault server
16 #returns 0 means success, otherwise error.
18 ######## Public functions #####################
20 #domain keyfile certfile cafile fullchain
29 _debug _cdomain
"$_cdomain"
31 _debug _ccert
"$_ccert"
33 _debug _cfullchain
"$_cfullchain"
35 # validate required env vars
36 if [ -z "$VAULT_PREFIX" ]; then
37 _err
"VAULT_PREFIX needs to be defined (contains prefix path in vault)"
41 if [ -z "$VAULT_ADDR" ]; then
42 _err
"VAULT_ADDR needs to be defined (contains vault connection address)"
46 VAULT_CMD
=$
(command -v vault
)
48 _err
"cannot find vault binary!"
52 if [ -n "$FABIO" ]; then
53 $VAULT_CMD kv put
"${VAULT_PREFIX}/${_cdomain}" cert
=@
"$_cfullchain" key
=@
"$_ckey" ||
return 1
55 $VAULT_CMD kv put
"${VAULT_PREFIX}/${_cdomain}/cert.pem" value
=@
"$_ccert" ||
return 1
56 $VAULT_CMD kv put
"${VAULT_PREFIX}/${_cdomain}/cert.key" value
=@
"$_ckey" ||
return 1
57 $VAULT_CMD kv put
"${VAULT_PREFIX}/${_cdomain}/chain.pem" value
=@
"$_cca" ||
return 1
58 $VAULT_CMD kv put
"${VAULT_PREFIX}/${_cdomain}/fullchain.pem" value
=@
"$_cfullchain" ||
return 1