@elasticdog elasticdog/vault-cp
Created Jul 27, 2018

A script to copy Vault secrets from one path to another
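#!/usr/bin/env bash

# ensure we were given two command line arguments
if [[ $# -ne 2 ]]; then
    echo 'usage: vault-cp SOURCE DEST' >&2
    exit 1
fi

source=$1
dest=$2

# check for dependencies
if ! command -v jq > /dev/null; then
    echo 'vault-cp: required command "jq" was not found' >&2
    exit 1
fi

# check for existing values; this is ugly, but
# the `vault read` command always exits with 0
source_json=$(vault read -format=json "$source" 2>&1)
if [[ $source_json == "No value found at $source" ]]; then
    echo "$source_json" >&2
    exit 1
fi

# extract the secret's key/value pairs; jq -e fails when the captured output
# is not JSON (any other vault error message) or has no .data, so we stop
# here instead of piping an empty payload into the destination
if ! source_data=$(printf '%s\n' "$source_json" | jq -e '.data' 2> /dev/null); then
    echo "vault-cp: could not read secret data from \"$source\"" >&2
    exit 1
fi

# note: setting DEBUG prints the secret values in plain text
[[ -n $DEBUG ]] && printf '%s\n' "$source_data"

# capture only stderr; stdout (the existing secret) is discarded
dest_check=$(vault read "$dest" 2>&1 1> /dev/null)
if [[ $dest_check != "No value found at $dest" ]]; then
    overwrite='n'
    printf 'Destination "%s" already exists...overwrite? [y/N] ' "$dest"
    read -r overwrite

    # only overwrite if user explicitly confirms
    if [[ ! $overwrite =~ ^[Yy]$ ]]; then
        echo 'vault-cp: copying has been aborted' >&2
        exit 1
    fi
fi

# write the JSON data to the destination, read from stdin
printf '%s\n' "$source_data" | vault write "$dest" -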