Created
April 6, 2020 10:41
-
-
Save data-henrik/dc897fc924207589d47cb3aa68867ace to your computer and use it in GitHub Desktop.
Create new key in IBM Cloud Key Protect from JSON object with credentials
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Obtain the necessary credentials from environment, encode them | |
| # as base64 JSON and upload them a new key to IBM Cloud Key Protect | |
| # | |
| # The following software is used: | |
| # - base64 | |
| # - ibmcloud: IBM Cloud CLI with Key Protect (kp) plugin | |
| KEYNAME_CREDS="CREDS_TEST_Henrik" | |
| if [ -z "$KEY1_ID" ]; then | |
| echo "Credential input: KEY1_ID required" | |
| exit | |
| fi | |
| if [ -z "$KEY1_SECRET" ]; then | |
| echo "Credential input: KEY1_SECRET required" | |
| exit | |
| fi | |
| if [ -z "$KP_INST_ID" ]; then | |
| echo "Key Protect instance: KP_INST_ID required" | |
| exit | |
| fi | |
| echo "Encoding" | |
| # Compose JSON object of credentials | |
| creds='{ "KEY1_ID": "'${KEY1_ID}'", "KEY1_SECRET": "'${KEY1_SECRET}'" }' | |
| # Base64 encoding | |
| encoded=$(base64 -w 0 - <<< ${creds} ) | |
| echo "Uploading to Key Protect" | |
| # Create a new standard key holding the base64-encoded credentials | |
| newKey=$(ibmcloud kp create $KEYNAME_CREDS --standard-key --key-material $encoded -i $KP_INST_ID --output json) | |
| # Output of new key JSON metadata. Use jq to parse and postprocess it. | |
| echo "$newKey" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment