miclip/vault-interpolate.sh

## vault-interpolate.sh
#!/bin/bash

set -ex

vault login $VAULT_TOKEN -no-print=true >/dev/null

files=$(find $INTERPOLATION_PATHS -type f -name '*.yml' -follow)

for file in $files; do
  echo -e "Creating interpolated $file \n"
  output_file=interpolated-env/$(basename $file)

  cp $file $output_file

  echo -e "Interpolating $file \n"

  # get list of vars to interpolate in file
  variables_to_interpolate=$(cat $file | awk -F '{{|}}' '{print $2}' | sed '/^$/d')

  # iterate through list of vars and replace with vault values
  for variable_to_interpolate in $variables_to_interpolate; do
    echo "Retrieving $variable_to_interpolate from Vault"
    value_from_vault=$(vault kv get -field=$variable_to_interpolate $PREFIX)

    # if multiline string (i.e. certificate) use awk otherwise use sed.
    # also determines intendation for the multiline string by adding "num" number of leading spaces
    if (($(grep -c . <<<"$value_from_vault") > 1)); then
      vault kv get -field=$variable_to_interpolate $PREFIX > tmp_$variable_to_interpolate
      num=$(grep -i $variable_to_interpolate $output_file | awk -F'[^ ]' '{print length($1)}')
      modified_value_from_vault=$(awk '{printf "%"'$num'"s%s\n", "", $0}' tmp_$variable_to_interpolate)
      modified_value_from_vault=$(echo "${modified_value_from_vault:$num}")
      awk -v r="$modified_value_from_vault" -v f="{{$variable_to_interpolate}}" '{gsub(f,r)}1' $output_file > /tmp/tfile && mv /tmp/tfile $output_file
      #rm tmp_$variable_to_interpolate
    else
       sed -i "s|{{$variable_to_interpolate}}|\"$value_from_vault\"|g" $output_file
    fi

  done

done

## vault-interpolate.yml
---
platform: linux

image_resource:
  type: docker-image
  source:
     repository: vault

inputs:
  - name: git-repo

run:
  path: ./git-repo/platform-automation/tasks/vault-interpolate.sh

outputs:
  - name: interpolated-env

params:
  VAULT_ADDR:
  VAULT_TOKEN:
  VAULT_SKIP_VERIFY:
  INTERPOLATION_PATHS:
  PREFIX:
	#!/bin/bash

	set -ex

	vault login $VAULT_TOKEN -no-print=true >/dev/null

	files=$(find $INTERPOLATION_PATHS -type f -name '*.yml' -follow)

	for file in $files; do
	echo -e "Creating interpolated $file \n"
	output_file=interpolated-env/$(basename $file)

	cp $file $output_file

	echo -e "Interpolating $file \n"

	# get list of vars to interpolate in file
	variables_to_interpolate=$(cat $file \| awk -F '{{\|}}' '{print $2}' \| sed '/^$/d')

	# iterate through list of vars and replace with vault values
	for variable_to_interpolate in $variables_to_interpolate; do
	echo "Retrieving $variable_to_interpolate from Vault"
	value_from_vault=$(vault kv get -field=$variable_to_interpolate $PREFIX)

	# if multiline string (i.e. certificate) use awk otherwise use sed.
	# also determines intendation for the multiline string by adding "num" number of leading spaces
	if (($(grep -c . <<<"$value_from_vault") > 1)); then
	vault kv get -field=$variable_to_interpolate $PREFIX > tmp_$variable_to_interpolate
	num=$(grep -i $variable_to_interpolate $output_file \| awk -F'[^ ]' '{print length($1)}')
	modified_value_from_vault=$(awk '{printf "%"'$num'"s%s\n", "", $0}' tmp_$variable_to_interpolate)
	modified_value_from_vault=$(echo "${modified_value_from_vault:$num}")
	awk -v r="$modified_value_from_vault" -v f="{{$variable_to_interpolate}}" '{gsub(f,r)}1' $output_file > /tmp/tfile && mv /tmp/tfile $output_file
	#rm tmp_$variable_to_interpolate
	else
	sed -i "s\|{{$variable_to_interpolate}}\|\"$value_from_vault\"\|g" $output_file
	fi

	done

	done
	---
	platform: linux

	image_resource:
	type: docker-image
	source:
	repository: vault

	inputs:
	- name: git-repo

	run:
	path: ./git-repo/platform-automation/tasks/vault-interpolate.sh

	outputs:
	- name: interpolated-env

	params:
	VAULT_ADDR:
	VAULT_TOKEN:
	VAULT_SKIP_VERIFY:
	INTERPOLATION_PATHS:
	PREFIX: