@joemiller
Last active November 28, 2021 16:38
#!/bin/bash
#
# Start the server in dev mode:
#
#   bash setup-pki-vault-server.sh
#
# In another window, generate a cert:
#
#   VAULT_ADDR=http://127.0.0.1:8200 VAULT_TOKEN=root vault write pki/issue/any common_name=foo
#
# Issue a cert and pipe it through `openssl` to see the contents:
#
#   VAULT_ADDR=http://127.0.0.1:8200 VAULT_TOKEN=root vault write -field=certificate pki/issue/any common_name=foo | openssl x509 -text -noout

# The vault CLI calls below read the address and token from the environment.
VAULT_ADDR=http://localhost:8200
VAULT_TOKEN=root
export VAULT_ADDR VAULT_TOKEN

# Dev mode: in-memory storage, already unsealed, plain-HTTP listener on
# 127.0.0.1:8200, and a root token fixed to the value of $VAULT_TOKEN.
echo "==> starting vault server in dev mode"
vault server -dev -dev-root-token-id="$VAULT_TOKEN" &
vault_pid=$!

# Stop the background server whenever this script exits.
shutdown() {
  kill "$vault_pid"
}
trap shutdown EXIT

echo "==> waiting for vault to become ready..."
until vault status >/dev/null; do
  sleep 1
done

echo "==> Enabling PKI backend at /pki with a cert role named 'any'"
vault secrets enable -path=pki -max-lease-ttl=8640h pki
# Self-signed root CA; the private key is generated inside Vault and not exported.
vault write pki/root/generate/internal common_name=root ttl=8640h
# allow_any_name=true: the role places no restriction on the requested common name.
vault write pki/roles/any allow_any_name=true

echo "Vault should be running now. Ctrl-C to shutdown"
wait "$vault_pid"