mirror of
https://github.com/Luzifer/vault-openvpn.git
synced 2024-12-25 14:21:21 +00:00
Add support for Vault KVv2 backends
refs #9 Signed-off-by: Knut Ahlers <knut@ahlers.me>
parent
0285eefd46
commit
5edcfdb900
2 changed files with 19 additions and 2 deletions
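--- a/README.md
+++ b/README.md
@@ -127,3 +127,14 @@ $ vault-openvpn --auto-revoke --ovpn-key secret/ovpn --pki-mountpoint luzifer_io
 # for the client config
 $ vault-openvpn --auto-revoke --ovpn-key secret/ovpn --pki-mountpoint luzifer_io client workwork01.openvpn.luzifer.io
 ```
+
+Pay attention when using a **Vault KV v2 backend**: You need to specify the path slighty different and use `vault-openvpn` v1.9.0 and above.
+
+```console
+$ openvpn --genkey --secret openvpn.key
+$ vault kv put secret/vault-openvpn/ovpn key=@openvpn.key
+
+$ vault-openvpn --auto-revoke --ovpn-key secret/data/vault-openvpn/ovpn --pki-mountpoint luzifer_io client workwork01.openvpn.luzifer.io
+```
+
+Mind the additional `/data` added inside the key directly after the mount. This is required due to the differences in API methods between the KV v1 and v2 backends.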
|
@ -13,10 +13,11 @@ import (
|
|||
"text/template"
|
||||
"time"
|
||||
|
||||
dhparam "github.com/Luzifer/go-dhparam"
|
||||
"github.com/hashicorp/vault/api"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"github.com/spf13/viper"
|
||||
|
||||
dhparam "github.com/Luzifer/go-dhparam"
|
||||
)
|
||||
|
||||
func fetchCertificateBySerial(serial string) (*x509.Certificate, bool, bool, error) {
|
||||
|
@ -53,7 +54,12 @@ func fetchOVPNKey() (string, error) {
|
|||
return "", errors.New("Got no data from backend")
|
||||
}
|
||||
|
||||
key, ok := secret.Data["key"]
|
||||
dmap := secret.Data
|
||||
if mapv2, ok := secret.Data["data"]; ok {
|
||||
dmap = mapv2.(map[string]interface{})
|
||||
}
|
||||
|
||||
key, ok := dmap["key"]
|
||||
if !ok {
|
||||
return "", errors.New("Within specified secret no entry named 'key' was found")
|
||||
}
|
||||
|
|
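Review bot: The type assertion `dmap = mapv2.(map[string]interface{})` in the fetchOVPNKey hunk is unchecked, so the process panics whenever the secret carries a `data` entry that is not a map, for example a KV v1 secret that happens to store a field named `data`, or (presumably) a KV v2 read where `data` comes back null. The comma-ok form keeps the function on its existing error path instead: `if mapv2, ok := secret.Data["data"].(map[string]interface{}); ok { dmap = mapv2 }`. The presence of a `data` key is only a heuristic for a KV v2 response, and a short comment above the check saying so would help the next reader. fetchOVPNKey continues outside the hunk, so how `key` is converted afterwards is not visible here.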