Created
May 28, 2021 14:35
Export all secrets from azure keyvault and encrypt them using sealed secrets
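#!/usr/bin/env bash
#
# Export every secret from every Azure Key Vault the signed-in account can
# list, and write one SealedSecret manifest per vault ("<vault>.yaml") into
# the current directory.
#
# Requires: az (already logged in), jq, kubectl, kubeseal.
#
# Handling of secret material:
#   * Values are piped from az/jq straight into files inside a private
#     mktemp directory and handed to kubectl with --from-file. They are never
#     stored in a shell variable, placed on a command line (where the process
#     list would show them), echoed to the terminal, or passed through eval.
#   * The plaintext files are removed after each vault and again on exit.
#   * Only kubeseal's encrypted output is written to the working directory.

set -uo pipefail

# Print a diagnostic on stderr so it never mixes with the progress output.
warn() {
  printf '%s\n' "$*" >&2
}

# mktemp -d creates the directory with owner-only permissions, so the
# plaintext files below are not readable by other local users.
tmp_root=$(mktemp -d) || {
  warn "mktemp failed"
  exit 1
}
readonly tmp_root
trap 'rm -rf -- "${tmp_root}"' EXIT

#######################################
# Seal all secrets of one key vault into "<vault>.yaml".
# Globals:   tmp_root (read)
# Arguments: $1 - key vault name
# Outputs:   progress on stdout, diagnostics on stderr, "<vault>.yaml" in cwd
# Returns:   0 on success or when the vault holds no secrets, 1 otherwise
#######################################
seal_keyvault() {
  local kv=$1
  local secrets secret workdir value_file sealed_file
  local -a create_cmd
  local index=0 added=0 rc=0

  echo "processing keyvault name ${kv}"
  if ! secrets=$(az keyvault secret list --vault-name "${kv}" | jq -r '.[].name'); then
    warn "could not list secrets in keyvault ${kv}"
    return 1
  fi
  if [[ -z "${secrets}" ]]; then
    return 0
  fi
  echo "found the following secrets"
  echo "${secrets}"
  echo .

  workdir=$(mktemp -d "${tmp_root}/kv.XXXXXX") || return 1
  # An array keeps every argument intact without eval, whatever characters
  # the vault or secret names contain.
  create_cmd=(kubectl create secret generic --dry-run=client "${kv}" -o yaml)

  # fd 5 carries the name list so stdin stays free for the az/jq pipeline.
  while IFS= read -r secret <&5; do
    [[ -n "${secret}" ]] || continue
    index=$((index + 1))
    # Numbered file names: the secret name is never used as a path component.
    value_file="${workdir}/${index}"
    # jq -j writes the raw value with no trailing newline, so whitespace,
    # quotes and newlines inside the value survive unchanged.
    if ! az keyvault secret show --name "${secret}" --vault-name "${kv}" \
      | jq -j '.value' >"${value_file}"; then
      warn "could not read secret ${secret} from keyvault ${kv}, skipping it"
      continue
    fi
    echo "appending ${secret} to keystring"
    create_cmd+=("--from-file=${secret}=${value_file}")
    added=$((added + 1))
  done 5<<<"${secrets}"

  if ((added == 0)); then
    warn "no readable secrets in keyvault ${kv}, nothing to seal"
    rm -rf -- "${workdir}"
    return 1
  fi

  # The logged statement shows key names and temp-file paths only, so the
  # secret values do not end up in the terminal, scrollback or CI logs.
  echo "creation stmt"
  printf '%q ' "${create_cmd[@]}"
  echo
  echo "generating sealedsecret"

  # Seal into the private directory first and move the result into place only
  # on success; a failed run then leaves any earlier "<vault>.yaml" untouched.
  sealed_file="${workdir}/sealed.yaml"
  if "${create_cmd[@]}" \
    | kubeseal --format=yaml --scope=cluster-wide --controller-namespace=sealed-secrets >"${sealed_file}" \
    && mv -- "${sealed_file}" "./${kv}.yaml"; then
    rc=0
  else
    warn "sealing keyvault ${kv} failed"
    rc=1
  fi

  # Drop the plaintext copies as soon as this vault is done.
  rm -rf -- "${workdir}"
  return "${rc}"
}

#######################################
# Walk every subscription and every key vault in it.
# Outputs:   progress on stdout, diagnostics on stderr
# Returns:   status of the last vault processed; exits 1 if the
#            subscriptions cannot be listed
#######################################
main() {
  local subs sub kvs kv

  if ! subs=$(az account list | jq -r '.[].id'); then
    warn "could not list subscriptions"
    exit 1
  fi
  echo "found the following subscriptions"
  echo "${subs}"
  echo .

  while IFS= read -r sub <&3; do
    [[ -n "${sub}" ]] || continue
    echo "proccessing subscription id ${sub}"
    # Decide on the exit status rather than on "anything written to stderr",
    # so a warning from az does not cause the subscription to be skipped.
    if ! az account set -s "${sub}" >/dev/null; then
      continue
    fi
    if ! kvs=$(az keyvault list | jq -r '.[].name'); then
      warn "could not list keyvaults in subscription ${sub}"
      continue
    fi
    echo "found the following keyvaults"
    echo "${kvs}"
    echo .
    while IFS= read -r kv <&4; do
      [[ -n "${kv}" ]] || continue
      seal_keyvault "${kv}" || warn "keyvault ${kv} was not sealed"
    done 4<<<"${kvs}"
  done 3<<<"${subs}"
}

main "$@"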