@mastier
Last active May 3, 2024 15:10
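# Abort early when the Vault CLI is missing. The original line had no `echo`,
# so the shell tried to execute the message itself as a command.
if ! command -v vault >/dev/null 2>&1; then
  echo 'Please install vault. $ snap install vault' >&2
  exit 1
fi

# File that receives the raw output of `vault operator init`, i.e. the unseal
# keys and the initial root token in plaintext. Keep it out of shared or
# version-controlled directories and move its contents to a proper secrets
# store once the deployment is finished.
export VAULT_KEYS_PATH="vault-keys.txt"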
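#######################################
# Initialise Vault through the leader unit and store the generated secrets.
# Globals:   VAULT_KEYS_PATH (read), VAULT_UNIT_IP and VAULT_ADDR (written)
# Outputs:   progress on stdout, errors on stderr; the init output (unseal
#            keys and initial root token) is written to VAULT_KEYS_PATH
# Returns:   0 on success, non-zero if the address lookup or the init fails
#######################################
vault_init() {
  local tmp_keys

  VAULT_UNIT_IP=$(juju run --unit vault/leader "network-get access --ingress-address=true") || VAULT_UNIT_IP=""
  if [ -z "$VAULT_UNIT_IP" ]; then
    # Without this guard VAULT_ADDR would become "http://:8200".
    echo "Could not determine the address of vault/leader" >&2
    return 1
  fi
  # NOTE(review): plain HTTP - the init response (unseal keys, root token)
  # crosses the network unencrypted. Use https:// as soon as the listener
  # has a certificate.
  export VAULT_ADDR="http://$VAULT_UNIT_IP:8200"
  echo "=== Initializing Vault by $VAULT_UNIT_IP ==="

  # Write to a temporary file first: redirecting straight into
  # VAULT_KEYS_PATH truncates an existing key file even when the init fails
  # (for example because Vault is already initialised), which would destroy
  # the only copy of the unseal keys. mktemp also creates the file readable
  # by its owner only, instead of with the default umask.
  tmp_keys=$(mktemp "${VAULT_KEYS_PATH}.XXXXXX") || return 1
  if vault operator init -key-shares=5 -key-threshold=3 > "$tmp_keys"; then
    mv -f -- "$tmp_keys" "${VAULT_KEYS_PATH}"
  else
    rm -f -- "$tmp_keys"
    echo "vault operator init failed; ${VAULT_KEYS_PATH} was left untouched" >&2
    return 1
  fi
}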
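#######################################
# Submit the first three unseal keys from the key file to the Vault server
# that VAULT_ADDR points at.
# Globals:   VAULT_KEYS_PATH (read)
# Outputs:   whatever `vault operator unseal` prints; errors on stderr
# Returns:   status of the last unseal call, or 1 if no keys could be read
#######################################
vault_unseal() {
  local keys key

  if [ ! -r "${VAULT_KEYS_PATH}" ]; then
    echo "Cannot read unseal keys from ${VAULT_KEYS_PATH}" >&2
    return 1
  fi

  # Select only the "Unseal Key N: <key>" lines instead of trusting that the
  # first three lines of the file are keys; 3 matches the -key-threshold used
  # at init time.
  keys=$(awk '/^Unseal Key/ { print $4 }' "${VAULT_KEYS_PATH}" | head -n 3)
  if [ -z "$keys" ]; then
    echo "No unseal keys found in ${VAULT_KEYS_PATH}" >&2
    return 1
  fi

  # NOTE(review): each key is passed as a command-line argument, so it is
  # visible in the process list of this host while the command runs.
  # $keys is deliberately unquoted: one key per word.
  for key in $keys; do
    vault operator unseal "$key"
  done
}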
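#######################################
# Unseal the units vault/0, vault/1 and vault/2 one after another.
# Globals:   VAULT_UNIT_IP and VAULT_ADDR (written per unit)
# Outputs:   progress on stdout, skipped units on stderr
# Returns:   0 if every unit was handled, 1 if any lookup or unseal failed
#######################################
vault_unseal_all() {
  local i rc=0

  for i in 0 1 2; do
    VAULT_UNIT_IP=$(juju run --unit "vault/$i" "network-get access --ingress-address=true") || VAULT_UNIT_IP=""
    if [ -z "$VAULT_UNIT_IP" ]; then
      # Do not fall through with an empty address: VAULT_ADDR would become
      # "http://:8200" and the unseal keys would be sent to whatever that
      # resolves to rather than to the intended unit.
      echo "Skipping vault/$i: could not determine its address" >&2
      rc=1
      continue
    fi
    export VAULT_ADDR="http://$VAULT_UNIT_IP:8200"
    echo "== Unsealing vault/$i : $VAULT_UNIT_IP =="
    vault_unseal || rc=1
  done
  return "$rc"
}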
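#######################################
# Create a short-lived token with the initial root token and hand it to the
# vault charm through its authorize-charm action.
# Globals:   VAULT_KEYS_PATH (read); VAULT_UNIT_IP, VAULT_ADDR and
#            CHARM_AUTH_TOKEN (written)
# Outputs:   progress on stdout, errors on stderr
# Returns:   status of the juju action, or 1 if a prerequisite is missing
#######################################
vault_authorize_charm() {
  local root_token

  VAULT_UNIT_IP=$(juju run --unit vault/leader "network-get access --ingress-address=true") || VAULT_UNIT_IP=""
  if [ -z "$VAULT_UNIT_IP" ]; then
    echo "Could not determine the address of vault/leader" >&2
    return 1
  fi
  export VAULT_ADDR="http://$VAULT_UNIT_IP:8200"

  root_token=$(awk '/^Initial Root Token/ { print $4; exit }' "${VAULT_KEYS_PATH}")
  if [ -z "$root_token" ]; then
    echo "No initial root token found in ${VAULT_KEYS_PATH}" >&2
    return 1
  fi

  echo "=== Create token by $VAULT_UNIT_IP ==="
  # The root token is placed in the environment of this single command only.
  # Exporting it, as the original did, also hands it to every later child
  # process (including juju) for the rest of the run.
  # -field=token prints just the token value, so the table output no longer
  # has to be picked apart with head/grep/awk.
  CHARM_AUTH_TOKEN=$(VAULT_TOKEN="$root_token" vault token create -field=token -ttl=10m) || CHARM_AUTH_TOKEN=""
  if [ -z "$CHARM_AUTH_TOKEN" ]; then
    echo "Could not create a token for the charm" >&2
    return 1
  fi
  export CHARM_AUTH_TOKEN

  echo "=== Authorizing charm ==="
  # NOTE(review): the token travels as an action parameter and is therefore
  # visible in the local process list; its 10 minute TTL limits the exposure.
  juju run-action --wait vault/leader authorize-charm token="$CHARM_AUTH_TOKEN"
}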
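### Init vault
# Stop here on failure: unsealing and authorizing cannot work without the
# keys and root token that the init step produces.
vault_init || { echo "Vault initialization failed; stopping" >&2; exit 1; }

### Unseal all vault instances
# Only warn: a deployment with fewer than three units makes some lookups
# fail, and the leader may still have been unsealed.
vault_unseal_all || echo "Warning: not every vault unit could be unsealed" >&2

echo "=== Waiting 30s ==="
sleep 30

### Authorize charm
vault_authorize_charm || { echo "Charm authorization failed" >&2; exit 1; }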

ggouzi commented May 3, 2024

Hi @mastier, this script is useful but needs some refactoring, mostly replacing `juju run --unit` with `juju exec` and `juju run-action` with `juju run` to be compatible with Juju 3.x. Not tested.

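# Abort early when the Vault CLI is missing. Without `echo` the shell would
# try to run the message text as a command.
if ! command -v vault >/dev/null 2>&1; then
  echo 'Please install vault. $ snap install vault' >&2
  exit 1
fi

# Destination for the raw `vault operator init` output: unseal keys and the
# initial root token in plaintext. The directory should be private to the
# operator and excluded from version control.
export VAULT_KEYS_PATH="generated/vault-keys.txt"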

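#######################################
# Initialise Vault through the leader unit and store the generated secrets.
# Globals:   VAULT_KEYS_PATH (read), VAULT_UNIT_IP and VAULT_ADDR (written)
# Outputs:   progress on stdout, errors on stderr; the init output (unseal
#            keys and initial root token) is written to VAULT_KEYS_PATH
# Returns:   0 on success, non-zero if any step fails
#######################################
vault_init() {
  local keys_dir tmp_keys

  # `juju exec` is used here as in the other functions of this listing; the
  # original line still called `juju run --unit`.
  VAULT_UNIT_IP=$(juju exec --unit vault/leader "network-get access --ingress-address=true") || VAULT_UNIT_IP=""
  if [ -z "$VAULT_UNIT_IP" ]; then
    echo "Could not determine the address of vault/leader" >&2
    return 1
  fi
  # NOTE(review): plain HTTP - the unseal keys and root token returned by
  # the init call cross the network unencrypted.
  export VAULT_ADDR="http://$VAULT_UNIT_IP:8200"
  echo "=== Initializing Vault by $VAULT_UNIT_IP ==="

  # The key file lives in a sub-directory that may not exist yet; create it
  # without access for group and others.
  keys_dir=$(dirname -- "${VAULT_KEYS_PATH}")
  mkdir -p -m 700 -- "$keys_dir" || return 1

  # Stage the output in a temporary file (created owner-only by mktemp) and
  # replace the key file only after a successful init, so that a failed run
  # never truncates an existing set of unseal keys.
  tmp_keys=$(mktemp "${VAULT_KEYS_PATH}.XXXXXX") || return 1
  if vault operator init -key-shares=5 -key-threshold=3 > "$tmp_keys"; then
    mv -f -- "$tmp_keys" "${VAULT_KEYS_PATH}"
  else
    rm -f -- "$tmp_keys"
    echo "vault operator init failed; ${VAULT_KEYS_PATH} was left untouched" >&2
    return 1
  fi
}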

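#######################################
# Submit the first three unseal keys from the key file to the Vault server
# selected by VAULT_ADDR.
# Globals:   VAULT_KEYS_PATH (read)
# Outputs:   output of `vault operator unseal`; errors on stderr
# Returns:   status of the last unseal call, or 1 if no keys could be read
#######################################
vault_unseal() {
  local keys key

  if [ ! -r "${VAULT_KEYS_PATH}" ]; then
    echo "Cannot read unseal keys from ${VAULT_KEYS_PATH}" >&2
    return 1
  fi

  # Pick the "Unseal Key N: <key>" lines explicitly rather than assuming the
  # file starts with them; three keys satisfy the -key-threshold=3 set at
  # init time.
  keys=$(awk '/^Unseal Key/ { print $4 }' "${VAULT_KEYS_PATH}" | head -n 3)
  if [ -z "$keys" ]; then
    echo "No unseal keys found in ${VAULT_KEYS_PATH}" >&2
    return 1
  fi

  # NOTE(review): keys passed as arguments show up in the local process
  # list while the command runs.
  # $keys is deliberately unquoted: one key per word.
  for key in $keys; do
    vault operator unseal "$key"
  done
}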

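#######################################
# Unseal the units vault/0, vault/1 and vault/2 one after another.
# Globals:   VAULT_UNIT_IP and VAULT_ADDR (written per unit)
# Outputs:   progress on stdout, skipped units on stderr
# Returns:   0 if every unit was handled, 1 if any lookup or unseal failed
#######################################
vault_unseal_all() {
  local i rc=0

  for i in 0 1 2; do
    VAULT_UNIT_IP=$(juju exec --unit "vault/$i" "network-get access --ingress-address=true") || VAULT_UNIT_IP=""
    if [ -z "$VAULT_UNIT_IP" ]; then
      # An empty address would turn VAULT_ADDR into "http://:8200" and send
      # the unseal keys somewhere other than the intended unit.
      echo "Skipping vault/$i: could not determine its address" >&2
      rc=1
      continue
    fi
    export VAULT_ADDR="http://$VAULT_UNIT_IP:8200"
    echo "== Unsealing vault/$i : $VAULT_UNIT_IP =="
    vault_unseal || rc=1
  done
  return "$rc"
}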

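#######################################
# Create a short-lived token with the initial root token and pass it to the
# vault charm through its authorize-charm action.
# Globals:   VAULT_KEYS_PATH (read); VAULT_UNIT_IP, VAULT_ADDR and
#            CHARM_AUTH_TOKEN (written)
# Outputs:   progress on stdout, errors on stderr
# Returns:   status of the juju action, or 1 if a prerequisite is missing
#######################################
vault_authorize_charm() {
  local root_token

  # The original line spelled the option `---unit` (three dashes).
  VAULT_UNIT_IP=$(juju exec --unit vault/leader "network-get access --ingress-address=true") || VAULT_UNIT_IP=""
  if [ -z "$VAULT_UNIT_IP" ]; then
    echo "Could not determine the address of vault/leader" >&2
    return 1
  fi
  export VAULT_ADDR="http://$VAULT_UNIT_IP:8200"

  root_token=$(awk '/^Initial Root Token/ { print $4; exit }' "${VAULT_KEYS_PATH}")
  if [ -z "$root_token" ]; then
    echo "No initial root token found in ${VAULT_KEYS_PATH}" >&2
    return 1
  fi

  echo "=== Create token by $VAULT_UNIT_IP  ==="
  # Scope the root token to this one command instead of exporting it to
  # every later child process. -field=token prints only the token value.
  CHARM_AUTH_TOKEN=$(VAULT_TOKEN="$root_token" vault token create -field=token -ttl=10m) || CHARM_AUTH_TOKEN=""
  if [ -z "$CHARM_AUTH_TOKEN" ]; then
    echo "Could not create a token for the charm" >&2
    return 1
  fi
  export CHARM_AUTH_TOKEN

  echo "=== Authorizing charm ==="
  # NOTE(review): `--wait` was dropped. In Juju 3.x `juju run` is understood
  # to wait for the action by default and `--wait` to expect a duration, so
  # `--wait vault/leader` would not parse - confirm against the installed
  # client. The token is an action parameter and is visible in the local
  # process list; its 10 minute TTL limits the exposure.
  juju run vault/leader authorize-charm token="$CHARM_AUTH_TOKEN"
}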
  

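### Init vault
# Nothing after this step can succeed without the keys and root token the
# init produces, so stop on failure.
vault_init || { echo "Vault initialization failed; stopping" >&2; exit 1; }

### Unseal all vault instances
# Only warn: with fewer than three units some lookups fail while the leader
# may still have been unsealed.
vault_unseal_all || echo "Warning: not every vault unit could be unsealed" >&2

echo "=== Waiting 30s ==="
sleep 30

### Authorize charm
vault_authorize_charm || { echo "Charm authorization failed" >&2; exit 1; }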
