vault-self-unseal/entrypoint.sh

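#!/bin/bash
# Periodically checks a local Vault instance and unseals it when needed.
# The unseal key is read from a separate, already-unsealed ("live") Vault after
# authenticating there with an AppRole.
#
# Required environment:
#   VAULT_ADDR          address of the live Vault that holds the unseal key
#   VAULT_ROLE_ID       AppRole role_id used to log in to the live Vault
# Optional environment:
#   LOCAL_VAULT_ADDR    address of the Vault to unseal (default http://vault:8200)
#   UNSEAL_TOKEN_FIELD  field of the secret that holds the key (default: token)
#   UNSEAL_TOKEN_PATH   path of that secret (default: secret/mgmt/unseal)
set -euo pipefail
LOCAL_VAULT_ADDR=${LOCAL_VAULT_ADDR:-http://vault:8200}
UNSEAL_TOKEN_FIELD=${UNSEAL_TOKEN_FIELD:-token}
UNSEAL_TOKEN_PATH=${UNSEAL_TOKEN_PATH:-secret/mgmt/unseal}
# ':?' aborts with a readable message when the variable is unset OR empty,
# instead of the bare "unbound variable" error that 'set -u' alone gives
# (and which does not catch an empty value at all).
LIVE_VAULT_ADDR=${VAULT_ADDR:?VAULT_ADDR (address of the live Vault) must be set}
VAULT_ROLE_ID=${VAULT_ROLE_ID:?VAULT_ROLE_ID must be set}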
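#######################################
# Logs in to the live Vault via AppRole and prints the resulting client token.
# Globals:   LIVE_VAULT_ADDR, VAULT_ROLE_ID (read); VAULT_ADDR (exported)
# Outputs:   the client token on stdout
# Returns:   the exit status of 'vault write'
#######################################
function authenticate() {
  export VAULT_ADDR="${LIVE_VAULT_ADDR}"
  # The role_id is passed on the command line, so it is visible in the process
  # list while the login runs. No secret_id is supplied here, so presumably the
  # role is configured without one — confirm, and treat the role_id as sensitive.
  vault write -field=token auth/approle/login "role_id=${VAULT_ROLE_ID}"
}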
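#######################################
# Reads the unseal key from the live Vault and prints it.
# Globals:   LIVE_VAULT_ADDR, UNSEAL_TOKEN_FIELD, UNSEAL_TOKEN_PATH (read);
#            VAULT_ADDR (exported); VAULT_TOKEN is expected to be set by the caller
# Outputs:   the unseal key on stdout
# Returns:   the exit status of 'vault read'
#######################################
function getUnsealKey() {
  export VAULT_ADDR="${LIVE_VAULT_ADDR}"
  # Quoted so a field or path containing whitespace stays a single argument.
  vault read "-field=${UNSEAL_TOKEN_FIELD}" "${UNSEAL_TOKEN_PATH}"
}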
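#######################################
# Checks whether the local Vault reports itself as sealed.
# Globals:   LOCAL_VAULT_ADDR (read)
# Returns:   0 if the health endpoint says sealed == true, non-zero otherwise
#            (including when the endpoint is unreachable — callers then treat
#            the instance as not sealed)
#######################################
function isSealed() {
  # The health endpoint uses a non-200 status while sealed, so 'curl -f' must
  # NOT be used here. '-S' keeps connection errors visible despite '-s', so an
  # unreachable Vault is logged instead of silently reading as "unsealed".
  # jq -e maps the JSON boolean to the exit status; its "true"/"false" output
  # is discarded so it is not logged every polling cycle.
  curl -sS "${LOCAL_VAULT_ADDR}/v1/sys/health" | jq -e '.sealed == true' >/dev/null
}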
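#######################################
# One unseal cycle: if the local Vault is sealed, log in to the live Vault,
# fetch the unseal key and apply it.
# Globals:   VAULT_TOKEN (exported for the vault CLI)
# Outputs:   status messages on stdout/stderr
# Returns:   0 if the local Vault is (now) unsealed; 1 if authentication,
#            key retrieval or the unseal itself failed
#######################################
function main() {
  if ! isSealed; then
    echo "Already unsealed."
    return 0
  fi
  # Declaration and assignment are kept apart so a failed login is not masked
  # by the (always zero) exit status of 'export'.
  local token
  token=$(authenticate) || {
    echo "Authentication against the live Vault failed!" >&2
    return 1
  }
  export VAULT_TOKEN="${token}"
  local unseal_key
  unseal_key=$(getUnsealKey) || {
    echo "Could not read the unseal key!" >&2
    return 1
  }
  unseal "${unseal_key}"
  # The result must be stated explicitly: ending the function with
  # 'isSealed && { ...; return 1; }' makes a SUCCESSFUL unseal return 1
  # (the status of the failed && list), which under 'set -e' kills the script.
  if isSealed; then
    echo "Unseal failed!" >&2
    return 1
  fi
  return 0
}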
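#######################################
# Applies one unseal key to the local Vault.
# Arguments: $1 - unseal key (required, non-empty; the shell exits otherwise)
# Globals:   LOCAL_VAULT_ADDR (read); VAULT_ADDR (exported)
# Returns:   the exit status of 'vault operator unseal'
#######################################
function unseal() {
  local key="${1:?unseal key is required}"
  export VAULT_ADDR="${LOCAL_VAULT_ADDR}"
  # NOTE(review): the key is passed as a command-line argument, so it is
  # visible in the process list for the duration of the call.
  vault operator unseal "${key}"
}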
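# Poll forever. A non-zero return from 'main' terminates the script because of
# 'set -e'; presumably the container runtime is expected to restart it then.
# The polling interval (seconds) can be overridden with UNSEAL_CHECK_INTERVAL.
while true; do
  main
  sleep "${UNSEAL_CHECK_INTERVAL:-10}"
done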