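#!/bin/bash
#
# Start a throwaway Vault dev server with a PKI secrets engine mounted at
# /pki and a cert role named 'any'.
#
# LOCAL TESTING ONLY. Dev mode keeps all data (including the generated root
# CA key) in memory, starts unsealed, serves plain HTTP without TLS, and this
# script pins the root token to the well-known value "root". The 'any' role
# sets allow_any_name=true, so it puts no restriction on which names a caller
# may request. Do not expose this listener beyond loopback and do not trust
# the resulting CA anywhere that matters.
#
# Start the server in dev mode:
#
#   bash setup-pki-vault-server.sh
#
# In another window, generate a cert:
#
#   VAULT_ADDR=http://127.0.0.1:8200 VAULT_TOKEN=root vault write pki/issue/any common_name=foo
#
# Issue a cert and pipe it thru `openssl` to see the contents:
#
#   VAULT_ADDR=http://127.0.0.1:8200 VAULT_TOKEN=root vault write -field=certificate pki/issue/any common_name=foo | openssl x509 -text -noout

# Abort on the first failed setup step instead of reporting a half-configured
# server as ready.
set -euo pipefail

VAULT_ADDR=http://localhost:8200
VAULT_TOKEN=root
export VAULT_ADDR VAULT_TOKEN

if ! command -v vault >/dev/null; then
  echo "vault binary not found in PATH" >&2
  exit 1
fi

echo "==> starting vault server in dev mode"
vault server -dev -dev-root-token-id="$VAULT_TOKEN" &
vault_pid=$!

# Stop the background server on any exit path (normal exit, error, Ctrl-C).
shutdown() {
  # The server may already be gone; a failed kill here is not an error.
  kill "$vault_pid" 2>/dev/null || true
}
trap shutdown EXIT

echo "==> waiting for vault to become ready..."
until vault status >/dev/null; do
  # If the server process died (port in use, bad binary, ...), stop polling
  # instead of looping forever.
  if ! kill -0 "$vault_pid" 2>/dev/null; then
    echo "vault server exited before becoming ready" >&2
    exit 1
  fi
  sleep 1
done

echo "==> Enabling PKI backend at /pki with a cert role named 'any'"
vault secrets enable -path=pki -max-lease-ttl=8640h pki
vault write pki/root/generate/internal common_name=root ttl=8640h
vault write pki/roles/any allow_any_name=true

echo "Vault should be running now. Ctrl-C to shutdown"
wait "$vault_pid"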