@grahamc
Created February 9, 2021 01:50
# Vault plugins to register: the plugin type, the package that provides the
# binary, and the name of that binary.
plugins = {
  packet = {
    type = "secret";
    package = pluginPkgs.vault-plugin-secrets-packet;
    command = "vault-plugin-secrets-packet";
  };
  github = {
    type = "secret";
    package = pluginPkgs.vault-plugin-secrets-github;
    command = "vault-plugin-secrets-github";
  };
};

# One directory holding a small wrapper script per plugin; each wrapper
# exec's the real plugin binary from its Nix store path.
pluginsBin = pkgs.runCommand "vault-env" {}
  ''
    mkdir -p $out/bin
    ${builtins.concatStringsSep "\n" (
      lib.attrsets.mapAttrsToList (
        name: info:
          ''
            (
              echo "#!/bin/sh"
              echo 'exec ${info.package}/bin/${info.command} "$@"'
            ) > $out/bin/${info.command}
            chmod +x $out/bin/${info.command}
          ''
      ) plugins
    )}
  '';
...
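${builtins.concatStringsSep "\n" (
  lib.attrsets.mapAttrsToList (
    # For each plugin: hash its wrapper script in pluginsBin, register the
    # plugin with Vault under that SHA-256, then reload the backends using it.
    # The wrapper's contents include the plugin's Nix store path, so the hash
    # changes whenever the plugin package changes.
    name: value:
      ''
        expected_sha_256="$(sha256sum ${pluginsBin}/bin/${value.command} | cut -d " " -f1)"
        echo "Re-registering ${name}"
        vault plugin register -command "${value.command}" -args="${plugin_args}" -sha256 "$expected_sha_256" ${value.type} ${name}
        vault write sys/plugins/reload/backend plugin=${name}
      ''
  ) plugins
)}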