Skip to content

Instantly share code, notes, and snippets.

@WhatsARanjit
Last active December 13, 2019 03:14
Show Gist options
  • Save WhatsARanjit/ba7bfd721c7bce2f915ee1a6e3bb187b to your computer and use it in GitHub Desktop.
Save WhatsARanjit/ba7bfd721c7bce2f915ee1a6e3bb187b to your computer and use it in GitHub Desktop.
Vault metrics pull
#!/bin/bash
echo "Vault address: ${VAULT_ADDR}"
function vault_curl() {
curl -sk \
${CURL_VERBOSE:+"-v"} \
--header "X-Vault-Token: $VAULT_TOKEN" \
--cert <(echo $VAULT_CLIENT_CERT) \
--key <(echo $VAULT_CLIENT_KEY) \
--cacert <(echo $VAULT_CACERT) \
"$@"
}
# Entities
TOTAL_ENTITIES=$(vault_curl \
--request LIST \
$VAULT_ADDR/v1/identity/entity/id | \
jq -r '.["data"]["keys"] | length')
echo "Total entities: $TOTAL_ENTITIES"
# Roles
TOTAL_ROLES=0
for mount in $(vault_curl \
$VAULT_ADDR/v1/sys/auth | \
jq -r '.["data"] | keys[]');
do
users=$(vault_curl \
--request LIST \
$VAULT_ADDR/v1/auth/${mount}users | \
jq -r '.["data"]["keys"] | length')
roles=$(vault_curl \
--request LIST \
$VAULT_ADDR/v1/auth/${mount}roles | \
jq -r '.["data"]["keys"] | length')
TOTAL_ROLES=$((TOTAL_ROLES + users + roles))
done
echo "Total auth roles/users: $TOTAL_ROLES"
# Tokens
TOTAL_TOKENS=0
for accessor in $(vault_curl \
--request LIST \
$VAULT_ADDR/v1/auth/token/accessors | \
jq -r '.["data"]["keys"] | join("\n")');
do
token=$(vault_curl \
--request POST \
-d "{ \"accessor\": \"${accessor}\" }" \
$VAULT_ADDR/v1/auth/token/lookup-accessor | \
jq -r '.| [select(.data.path == "auth/token/create")] | length')
TOTAL_TOKENS=$((TOTAL_TOKENS + $token))
done
echo "Total tokens: $TOTAL_TOKENS"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment