@lichnak
Created January 28, 2021 10:38
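#!/usr/bin/env bash
#
# install-vault.sh — install HashiCorp Vault from the vendor package
# repositories, write a single-node Raft config, start the server in the
# background and initialise it (Shamir unseal keys + root token) through
# the HTTP API.
#
# Usage: ./install-vault.sh        (interactive; sudo is needed for the install)
# Env:   PARENT_DIR         directory holding config.hcl, vault/data and
#                           .vault_secret.json          (default: ~/hashicorp/)
#        VAULT_LISTEN_ADDR  listener bind address written into config.hcl
#                           (default: 127.0.0.1:8200, see write_default_config)
#
# Must run under bash, not /bin/sh: the script relies on [[ ]], =~, read -p
# and (( )), which dash does not provide.
set -euo pipefail

cat <<'BANNER'

_ _ _ _ _ _ _
(_)_ __ ___| |_ __ _| | | __ ____ _ _ _| | |_ ___| |__
| | '_ \/ __| __/ _` | | |____\ \ / / _` | | | | | __| / __| '_ \
| | | | \__ \ || (_| | | |_____\ V / (_| | |_| | | |_ _\__ \ | | |
|_|_| |_|___/\__\__,_|_|_| \_/ \__,_|\__,_|_|\__(_)___/_| |_|

BANNER

# Script configuration -------------------------------------------------------
# Parent directory of the Vault install: sealed/encrypted Raft data, the
# config file and the init output all live under it.
PARENT_DIR=${PARENT_DIR:-"$HOME/hashicorp/"}
# Shamir parameters sent to /v1/sys/init; the prompts below may override them.
SECRET_SHARES=5
SECRET_THRESHOLD=3
readonly DEFAULT_SECRET_SHARES=5
readonly DEFAULT_SECRET_THRESHOLD=3
# Every API call this script makes goes over loopback, which is why the
# generated listener can safely default to 127.0.0.1 as well.
readonly VAULT_API=http://127.0.0.1:8200
readonly SECRET_FILE=./.vault_secret.json

# Output helpers -------------------------------------------------------------
rule() { echo "============================================================="; }
ok()   { printf 'SUCCESS ::: %s\n' "$*"; }
warn() { printf 'WARN ::: %s\n' "$*" >&2; }
err()  { printf 'ERROR ::: %s\n' "$*" >&2; }

#######################################
# Ask a y/n question; succeeds only on an exact "y" answer.
# Arguments: $1 - prompt text
# Returns:   0 for "y", 1 for anything else (including EOF on stdin)
#######################################
ask_yes() {
  local reply
  read -r -p "$1 " reply || reply=""
  [[ $reply == "y" ]]
}

#######################################
# Prompt for a non-negative integer, falling back to a default.
# Arguments: $1 - prompt label, $2 - default value
# Outputs:   the chosen value on stdout (the prompt itself goes to stderr)
#######################################
read_count() {
  local reply
  read -r -p "$1 [default: $2]: " reply || reply=""
  reply=${reply:-$2}
  # Digits only: this value is interpolated into the JSON init payload, so
  # anything else (including negatives) falls back to the default.
  if [[ $reply =~ ^[0-9]+$ ]]; then
    printf '%s\n' "$reply"
  else
    printf '%s\n' "$2"
  fi
}

#######################################
# Abort unless sudo works non-interactively.
# -n never prompts, so the check cannot hang; it passes only with NOPASSWD or
# a cached credential, which is what the original 'timeout 2 sudo id' probe
# effectively required as well.
#######################################
require_sudo() {
  if ! sudo -n true 2>/dev/null; then
    err "This script requires the user to have sudo privilege."
    exit 1
  fi
  ok "User has sudo privilege... Continuing..."
}

#######################################
# Read SECRET_SHARES / SECRET_THRESHOLD from the operator.
# Globals:  SECRET_SHARES, SECRET_THRESHOLD (written)
# A threshold larger than the share count cannot be satisfied, so that
# combination resets both values to the defaults, as the original did.
#######################################
configure_shares() {
  SECRET_SHARES=$(read_count "Number of secret shares" "$DEFAULT_SECRET_SHARES")
  SECRET_THRESHOLD=$(read_count "Number of secret threshold" "$DEFAULT_SECRET_THRESHOLD")
  if (( SECRET_THRESHOLD > SECRET_SHARES )); then
    warn "SECRET_SHARES is less than SECRET_THRESHOLD"
    warn "Setting default values for SECRET_SHARES (5) and SECRET_THRESHOLD (3)"
    SECRET_SHARES=$DEFAULT_SECRET_SHARES
    SECRET_THRESHOLD=$DEFAULT_SECRET_THRESHOLD
  fi
}

#######################################
# Print the ID= value from /etc/os-release (e.g. ubuntu, amzn, rhel).
# Outputs:  the id on stdout; empty when the file or the field is missing.
# Sourced in a subshell so none of the file's other variables leak.
#######################################
detect_os_id() {
  ( . /etc/os-release 2>/dev/null && printf '%s' "${ID:-}" ) || true
}

#######################################
# Install Vault from the HashiCorp RPM repository.
# Arguments: $1 - URL of the distro family's hashicorp.repo file
#######################################
install_vault_yum() {
  sudo yum install -y yum-utils
  sudo yum-config-manager --add-repo "$1"
  sudo yum -y install vault
}

#######################################
# Install Vault from the HashiCorp APT repository (Ubuntu).
# The signing key is dearmored into its own keyring and the repo is pinned to
# it with signed-by=, instead of the deprecated 'apt-key add', which would make
# that key trusted for every configured repository.
#######################################
install_vault_apt() {
  local keyring=/usr/share/keyrings/hashicorp-archive-keyring.gpg
  curl -fsSL https://apt.releases.hashicorp.com/gpg \
    | sudo gpg --dearmor --yes -o "$keyring"
  printf 'deb [arch=%s signed-by=%s] https://apt.releases.hashicorp.com %s main\n' \
    "$(dpkg --print-architecture)" "$keyring" "$(lsb_release -cs)" \
    | sudo tee /etc/apt/sources.list.d/hashicorp.list >/dev/null
  sudo apt-get update && sudo apt-get install -y vault
}

#######################################
# Install Vault for the detected distribution; exits 1 if no binary results.
#######################################
install_vault() {
  if command -v vault >/dev/null 2>&1; then
    warn "Hashicorp Vault is already installed..."
    warn "Skipping..."
    return 0
  fi
  warn "Attempting to install Hashicorp Vault..."
  local os_id
  os_id=$(detect_os_id)
  # Substring matches, like the original's [[ $os =~ "..." ]] tests.
  case "$os_id" in
    *amzn*)
      rule; echo "Detected OS: Amazon Linux"; rule
      install_vault_yum https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repo
      ;;
    *ubuntu*)
      rule; echo "Detected OS: Ubuntu"; rule
      install_vault_apt
      ;;
    *centos*)
      rule; echo "Detected OS: CentOS"; rule
      install_vault_yum https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
      ;;
    *rhel*)
      rule; echo "Detected OS: RedHat"; rule
      install_vault_yum https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
      ;;
    *fedora*)
      rule; echo "Detected OS: Fedora"; rule
      sudo dnf install -y dnf-plugins-core
      sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/fedora/hashicorp.repo
      sudo dnf -y install vault
      ;;
    *)
      rule
      echo "Please navigate to Hashicorp website and"
      echo "download the appropriate binary."
      rule
      ;;
  esac
  if ! command -v vault >/dev/null 2>&1; then
    err "Failed to install"
    exit 1
  fi
  ok "Installed Hashicorp Vault"
}

#######################################
# Write the default single-node config to ./config.hcl (overwrites).
# Globals:  VAULT_LISTEN_ADDR (read, optional)
#######################################
write_default_config() {
  local listen=${VAULT_LISTEN_ADDR:-127.0.0.1:8200}
  cat > config.hcl <<EOF
ui = true
# mlock is disabled so the server runs without CAP_IPC_LOCK; secrets may then
# be swapped to disk, so do not reuse this config for production.
disable_mlock = true
storage "raft" {
  path    = "./vault/data"
  node_id = "node1"
}
# TLS is off, so the listener defaults to loopback: /v1/sys/init and
# /v1/sys/unseal are unauthenticated and would otherwise be reachable in
# clear text by anyone who can reach this port. Set VAULT_LISTEN_ADDR
# (e.g. 0.0.0.0:8200) only if you deliberately want that.
listener "tcp" {
  address     = "${listen}"
  tls_disable = 1
}
api_addr     = "http://127.0.0.1:8200"
cluster_addr = "https://127.0.0.1:8201"
EOF
}

#######################################
# Start 'vault server' in the background and wait for its listener.
# The original wrapped the server in \$(...), which blocks until the process
# exits and then tries to execute its stdout as a command; the immediate init
# call afterwards also raced the server start-up.
#######################################
start_vault() {
  vault server -config=config.hcl >vault.log 2>&1 &
  warn "Vault server started in the background (pid $!, log: $PWD/vault.log)"
  local attempt
  for (( attempt = 0; attempt < 30; attempt++ )); do
    # Any HTTP reply (501 "not initialised" included) means the listener is up,
    # hence no --fail; a refused connection makes curl exit non-zero.
    if curl -s -o /dev/null "${VAULT_API}/v1/sys/health"; then
      return 0
    fi
    sleep 1
  done
  err "Vault did not start within 30 seconds (see vault.log)"
  exit 1
}

#######################################
# Initialise Vault and store the unseal keys + root token in SECRET_FILE.
# Globals:  SECRET_SHARES, SECRET_THRESHOLD, SECRET_FILE, VAULT_API (read)
#######################################
init_vault() {
  if [[ -f $SECRET_FILE ]]; then
    echo
    echo
    echo "File already exists: ${SECRET_FILE}"
    warn "This will overwrite the existing file!"
    ask_yes "Are you sure you want to continue (y/n)?" || return 0
  fi
  local payload tmp
  # Both numbers were validated as digit strings by read_count.
  payload=$(printf '{"secret_shares":%d,"secret_threshold":%d}' \
    "$SECRET_SHARES" "$SECRET_THRESHOLD")
  # mktemp creates the file 0600, so the keys are never world-readable, not
  # even briefly; the original let the umask (usually 022) decide.
  tmp=$(mktemp "${SECRET_FILE}.XXXXXX")
  # Only a successful init (HTTP 2xx with a root_token in the body) replaces
  # the secret file. Without --fail the original wrote error bodies such as
  # "Vault is already initialized" straight over any existing keys.
  if curl -fsS --request POST --data "$payload" "${VAULT_API}/v1/sys/init" >"$tmp" \
      && grep -q '"root_token"' "$tmp"; then
    mv -f -- "$tmp" "$SECRET_FILE"
  else
    rm -f -- "$tmp"
    err "Vault initialisation failed; ${SECRET_FILE} left untouched"
    exit 1
  fi
  rule
  warn "Vault Secret saved in ${SECRET_FILE}"
  warn "KEEP THIS SECURE!"
  rule
  # Shown once so the operator can distribute the shares; note that this copy
  # also ends up in the terminal scrollback.
  cat "$SECRET_FILE"
  rule
}

main() {
  mkdir -p -- "$PARENT_DIR"
  cd -- "$PARENT_DIR" || { err "Cannot cd to ${PARENT_DIR}"; exit 1; }
  mkdir -p vault/data
  require_sudo
  echo
  echo
  configure_shares
  echo
  echo
  install_vault
  echo
  echo
  if ask_yes "Create default Hashicorp Vault config (y/n)?"; then
    write_default_config
    rule
    echo "config.hcl"
    rule
    cat config.hcl
    rule
  fi
  echo
  echo
  if [[ ! -f ./config.hcl ]]; then
    err "Requires vault config (config.hcl) to run vault..."
    exit 1
  fi
  ask_yes "Run Vault (y/n)?" || exit 0
  start_vault
  ask_yes "Initialize Vault (y/n)?" || exit 0
  init_vault
}

main "$@"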