Add support for Vault KVv2 backends
refs #9 Signed-off-by: Knut Ahlers <knut@ahlers.me>
parent
0285eefd46
commit
5edcfdb900
2 changed files with 19 additions and 2 deletions
11
README.md
11
README.md
|
@ -127,3 +127,14 @@ $ vault-openvpn --auto-revoke --ovpn-key secret/ovpn --pki-mountpoint luzifer_io
|
||||||
# for the client config
|
# for the client config
|
||||||
$ vault-openvpn --auto-revoke --ovpn-key secret/ovpn --pki-mountpoint luzifer_io client workwork01.openvpn.luzifer.io
|
$ vault-openvpn --auto-revoke --ovpn-key secret/ovpn --pki-mountpoint luzifer_io client workwork01.openvpn.luzifer.io
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Pay attention when using a **Vault KV v2 backend**: You need to specify the path slighty different and use `vault-openvpn` v1.9.0 and above.
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ openvpn --genkey --secret openvpn.key
|
||||||
|
$ vault kv put secret/vault-openvpn/ovpn key=@openvpn.key
|
||||||
|
|
||||||
|
$ vault-openvpn --auto-revoke --ovpn-key secret/data/vault-openvpn/ovpn --pki-mountpoint luzifer_io client workwork01.openvpn.luzifer.io
|
||||||
|
```
|
||||||
|
|
||||||
|
Mind the additional `/data` added inside the key directly after the mount. This is required due to the differences in API methods between the KV v1 and v2 backends.
|
||||||
|
|
|
@ -13,10 +13,11 @@ import (
|
||||||
"text/template"
|
"text/template"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
dhparam "github.com/Luzifer/go-dhparam"
|
|
||||||
"github.com/hashicorp/vault/api"
|
"github.com/hashicorp/vault/api"
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
"github.com/spf13/viper"
|
"github.com/spf13/viper"
|
||||||
|
|
||||||
|
dhparam "github.com/Luzifer/go-dhparam"
|
||||||
)
|
)
|
||||||
|
|
||||||
func fetchCertificateBySerial(serial string) (*x509.Certificate, bool, bool, error) {
|
func fetchCertificateBySerial(serial string) (*x509.Certificate, bool, bool, error) {
|
||||||
|
@ -53,7 +54,12 @@ func fetchOVPNKey() (string, error) {
|
||||||
return "", errors.New("Got no data from backend")
|
return "", errors.New("Got no data from backend")
|
||||||
}
|
}
|
||||||
|
|
||||||
key, ok := secret.Data["key"]
|
dmap := secret.Data
|
||||||
|
if mapv2, ok := secret.Data["data"]; ok {
|
||||||
|
dmap = mapv2.(map[string]interface{})
|
||||||
|
}
|
||||||
|
|
||||||
|
key, ok := dmap["key"]
|
||||||
if !ok {
|
if !ok {
|
||||||
return "", errors.New("Within specified secret no entry named 'key' was found")
|
return "", errors.New("Within specified secret no entry named 'key' was found")
|
||||||
}
|
}
|
||||||
|
|
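Review bot: The assertion `dmap = mapv2.(map[string]interface{})` in the second hunk is unchecked, so a secret whose `data` entry is anything other than a map (for example a KV v1 secret that happens to store a field named `data` as a string) makes fetchOVPNKey panic instead of returning an error. The v2 detection is also only a heuristic on the key name rather than the mount's KV version, so a mismatch should fall back to the v1 path instead of aborting the process. Use the two-value form: `if mapv2, ok := secret.Data["data"].(map[string]interface{}); ok {` followed by `dmap = mapv2` and the closing `}`. fetchOVPNKey begins before this hunk and continues after it, and the file header for this section is not shown on the page.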