Add logging and credential erase

Signed-off-by: Knut Ahlers <knut@ahlers.me>
Knut Ahlers 2022-08-19 15:13:10 +02:00
parent ae2dc0558e
commit 061da331ee
Signed by: luzifer
GPG key ID: 0066F03ED215AD7D


@ -6,17 +6,20 @@ set -euo pipefail
# 1) Put this into your ~/.docker/config.json: # 1) Put this into your ~/.docker/config.json:
# { "credsStore": "vault" } # { "credsStore": "vault" }
# #
# 2) Optional: Create ~/.config/docker-credential-test with an # 2) Optional: Create ~/.config/docker-credential-vault with an
# override for the $PREFIX variable which defaults to # override for the $PREFIX variable which defaults to
# "secret/docker-credential" in case you want to store the # "secret/docker-credential" in case you want to store the
# credentials some place else # credentials some place else. If you want the script to
# behave more verbose you can set NO_LOG=0 in order to enable
# logging all actions to STDERR
# #
# 3) Ensure vault is installed and can access the path specified by # 3) Ensure vault is installed and can access the path specified by
# $PREFIX/* # $PREFIX/*
config="${HOME}/.config/docker-credential-test" config="${HOME}/.config/docker-credential-vault"
req_cmds=(jq vault) req_cmds=(jq md5sum vault)
NO_LOG=1
PREFIX=secret/docker-credential PREFIX=secret/docker-credential
[[ -f $config ]] && source "${config}" || true [[ -f $config ]] && source "${config}" || true
@ -31,13 +34,26 @@ function check_command() {
function get() { function get() {
local hostname="$(cat -s)" # Missing newline at the end, read does not work local hostname="$(cat -s)" # Missing newline at the end, read does not work
log "Retrieving credential for ${hostname} if exists..."
vault read -field=data -format=json "${PREFIX}/$(hash_hostname "${hostname}")" vault read -field=data -format=json "${PREFIX}/$(hash_hostname "${hostname}")"
} }
function erase() {
local hostname="$(cat -s)" # Missing newline at the end, read does not work
log "Deleting credential for ${hostname} if exists..."
vault delete "${PREFIX}/$(hash_hostname "${hostname}")" >/dev/null
}
function hash_hostname() { function hash_hostname() {
echo "$1" | md5sum | cut -d ' ' -f 1 echo "$1" | md5sum | cut -d ' ' -f 1
} }
function log() {
[ $NO_LOG -eq 0 ] || return
echo "[$(date +%H:%M:%S)][docker-credential-vault] $@" >&2
}
function main() { function main() {
for cmd in "${req_cmds[@]}"; do for cmd in "${req_cmds[@]}"; do
check_command "${cmd}" check_command "${cmd}"
@ -45,9 +61,10 @@ function main() {
case "${1:-help}" in case "${1:-help}" in
get) get ;; get) get ;;
erase) erase ;;
store) store ;; store) store ;;
*) *)
echo "Supported are only 'get' and 'store' arg" >&2 echo "Supported are only: get, erase, store'" >&2
exit 1 exit 1
;; ;;
esac esac
@ -60,6 +77,7 @@ function store() {
local username=$(echo "${json}" | jq -r '.Username') local username=$(echo "${json}" | jq -r '.Username')
local secret=$(echo "${json}" | jq -r '.Secret') local secret=$(echo "${json}" | jq -r '.Secret')
log "Updating credential for ${hostname}..."
vault write "${PREFIX}/$(hash_hostname "${hostname}")" \ vault write "${PREFIX}/$(hash_hostname "${hostname}")" \
"ServerURL=${hostname}" \ "ServerURL=${hostname}" \
"Username=${username}" \ "Username=${username}" \
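Review bot: In the new `log()` function of the second hunk, `[ $NO_LOG -eq 0 ] || return` returns the status of the failed test (1) because `return` has no explicit argument, so with the default `NO_LOG=1` every `log` call fails and, under the `set -euo pipefail` visible in the first hunk header, `get`, `erase` and `store` abort before their `vault` command runs; it should read `[[ ${NO_LOG} -eq 0 ]] || return 0`. The message line also interpolates `$@` inside a double-quoted string, which ShellCheck flags (SC2145); `printf '[%s][docker-credential-vault] %s\n' "$(date +%H:%M:%S)" "$*" >&2` is the intended form. In the third hunk the new usage text `echo "Supported are only: get, erase, store'" >&2` carries a stray trailing apostrophe. Renaming the config file to `~/.config/docker-credential-vault` in the first hunk silently drops any `PREFIX` override a user keeps in the old `docker-credential-test` path, which may be worth a fallback or at least a mention in the commit message.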