Skip to content

Instantly share code, notes, and snippets.

@abdennour

abdennour/vault-read-write-yaml.sh

Last active July 23, 2020 10:03
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save abdennour/0dd706089e204b5247925d273bbae94f to your computer and use it in GitHub Desktop.
Save abdennour/0dd706089e204b5247925d273bbae94f to your computer and use it in GitHub Desktop.
Download ZIP
vault read write utils
Raw
vault-read-write-yaml.sh
read_vault_data()
{
vault read -field=value $VAULT_SECRET_PATH/config > config.yaml
}
write_vault_data()
{
vault write $VAULT_SECRET_PATH/config value=@config.yaml
}
Raw
vaultRead.groovy
#!/usr/bin/env groovy
def call(body){
def config = [:]
body.resolveStrategy = Closure.DELEGATE_FIRST
body.delegate = config
body()
def splited = config.secretPath.split('@')
def chartPath = config.chartPath
def secretPath = splited[0]
def key = splited.size() == 2 ? splited[1] : 'value'
def saveFile = config.saveFile ?: key == 'value' ? secretPath : "${secretPath}/${key}"
WithVaultCredentials {
sh """
vault kv get --field=${key} "${config.vaultNamespace}${secretPath}" > "${chartPath}/${saveFile}"
"""
}
}
// USAGE --------------:
// container('vault') {
// secretsMap.each {
// ReadVaultSecret {
// vaultNamespace = "secret/projects/x/${currentEnv}/${currentApp}-${currentEnv}/"
// chartPath = currentPath
// secretPath = it.key
// saveFile = it.value
// }
// }
// ReadVaultSecret {
// vaultNamespace = "secret/devops/${currentEnv}/"
// chartPath = currentPath
// secretPath = "kubeconfig"
// }
// }
Raw
vaultWrite.groovy
#!/usr/bin/env groovy
def call(body){
def config = [:]
body.resolveStrategy = Closure.DELEGATE_FIRST
body.delegate = config
body()
def key = config.key ?: 'value'
WithVaultCredentials {
sh """
vault kv put ${config.secretPath} ${key}=${config.value}
"""
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment