unseal-vault-enable-approle-databases.sh
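#!/usr/bin/env bash
#
# Development bootstrap for the Vault server at http://localhost:8200:
# initialises it, unseals it, enables the AppRole auth method, mounts the
# database secrets engine and configures a PostgreSQL connection.
#
# Requires: curl, jq.
#
# SECURITY NOTES (review): this setup is only reasonable for a throwaway
# local instance.
#   * Vault is initialised with one key share and a threshold of one, so a
#     single key unseals it.
#   * Every call below authenticates with the root token. The token is passed
#     to curl as a command-line argument (readable in the process list while
#     curl runs) and is printed to stdout at the end.
#   * Requests go over plain HTTP.
#   * The database connection uses sslmode=disable, hard-coded static
#     credentials and allowed_roles "*".
set -euo pipefail

readonly VAULT_ADDR=http://localhost:8200

echo "================"
echo "-- Initializing Vault"
VAULT_KEYS=$(curl -X PUT -s -d '{ "secret_shares": 1, "secret_threshold": 1 }' "${VAULT_ADDR}/v1/sys/init" | jq .)
# '// empty' turns a missing field into an empty string instead of the literal
# text "null", so the check below can catch a failed initialisation.
VAULT_KEY1=$(jq -r '.keys_base64[0] // empty' <<<"${VAULT_KEYS}")
VAULT_ROOT_TOKEN=$(jq -r '.root_token // empty' <<<"${VAULT_KEYS}")

# Stop here rather than sending "null" as the unseal key and as the token to
# every following request (e.g. when Vault has already been initialised).
if [[ -z "${VAULT_KEY1}" || -z "${VAULT_ROOT_TOKEN}" ]]; then
  echo "error: Vault init returned no unseal key or root token" >&2
  # Best effort: show the error list from the response if there is one.
  jq -r '.errors[]?' <<<"${VAULT_KEYS}" >&2 || true
  exit 1
fi
sleep 1
echo

echo "--> unsealing Vault ..."
# Build the JSON with jq so the key is escaped as a JSON string and is never
# subject to shell word splitting.
UNSEAL_PAYLOAD=$(jq -cn --arg key "${VAULT_KEY1}" '{key: $key}')
curl -X PUT -d "${UNSEAL_PAYLOAD}" "${VAULT_ADDR}/v1/sys/unseal"
sleep 1
echo

echo "================"
echo "-- AppRole (login without secret-id)"
echo
echo "--> enabling the AppRole auth method ..."
curl -X POST -i -H "X-Vault-Token: ${VAULT_ROOT_TOKEN}" -d '{"type": "approle"}' "${VAULT_ADDR}/v1/sys/auth/approle"
sleep 1

echo "================"
echo "-- Mounting Database ..."
curl -X POST -i -H "X-Vault-Token: ${VAULT_ROOT_TOKEN}" -d '{"type": "database"}' "${VAULT_ADDR}/v1/sys/mounts/database"
sleep 1
echo

echo "--> configuring PostgreSQL plugin and connection ..."
# NOTE(review): static credentials, allowed_roles "*" and sslmode=disable are
# kept exactly as they were; tighten all three before using this configuration
# anywhere other than a local test environment.
curl -X POST -i -H "X-Vault-Token: ${VAULT_ROOT_TOKEN}" \
  -d '{"plugin_name": "postgresql-database-plugin", "allowed_roles": "*", "connection_url": "postgresql://{{username}}:{{password}}@postgres:5432/springvault?sslmode=disable", "username": "spring", "password": "vault"}' \
  "${VAULT_ADDR}/v1/database/config/postgresql"
sleep 1
echo

# The root token is printed so it can be exported in the calling shell. It
# therefore ends up in terminal scrollback and in any captured output.
echo "************************************************************"
printf 'export VAULT_ROOT_TOKEN=%s\n' "${VAULT_ROOT_TOKEN}"
echo "************************************************************"
echo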