mmastoras/Vault to JKS truststore keystore

## Vault to JKS truststore keystore
docker-entrypoint.sh
```
# create truststore and keystore from pem files if they exist
if [ -f "$ZOO_CONF_DIR/ssl/root-int-ca.pem" ] && [ -f "$ZOO_CONF_DIR/ssl/node.pem"]; then
  # create truststore jks
  truststore_password="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 12 | head -n 1)"
  echo $truststore_password > $TRUSTSTORE_WORKING_DIRECTORY/truststore_password.txt
  keytool -import -alias root-int-ca -trustcacerts -file $ZOO_CONF_DIR/ssl/root-int-ca.pem \
    -keystore $ZOO_CONF_DIR/ssl/kafka-truststore.jks -storepass $truststore_password

  # create keystore jks
  keystore_password="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 12 | head -n 1)"
  openssl pkcs12 -inkey node-1.pem -in node-1.pem -name node-1 -export -out node-1.p12
  keytool -importkeystore -deststorepass $keystore_password \
    -destkeystore keystore.jks -srckeystore node-1.p12 -srcstoretype PKCS12

  # update passwords in zoo.cfg
  sed -i "s/TRUSTSTORE_PASSWORD/$truststore_password/g" /$ZOO_CONF_DIR/zoo.cfg
  sed -i "s/KEYSTORE_PASSWORD/$keystore_password/g" /$ZOO_CONF_DIR/zoo.cfg
fi
```

nomad templates
```
meta {
        mtls_path          = "secret/teams/sre/kafka-poc/zk1/mtls"
        vault_addr         = "https://vault.simulpong.com:8200"
        cluster_dc         = "alpha"
        vault_cert_path    = "alphaintca/issue/alpha-dot-consul"
        root_ca_path       = "alpharootca/cert/ca"
        int_ca_path        = "alphaintca/cert/ca"
        cert_ttl           = "168h"
      }

template {
        destination = "local/conf/ssl/root-int-ca.pem"
  data = <<EOH
{{ $root_ca_path := env "NOMAD_META_root_ca_path" -}}
{{ $int_ca_path := env "NOMAD_META_int_ca_path" -}}
{{ with secret (printf "%s" $int_ca_path) }}
{{ .Data.certificate -}}
{{ end -}}
{{ with secret (printf "%s" $root_ca_path) }}
{{ .Data.certificate -}}
{{ end }}
EOH
      }
      template {
        destination = "local/conf/ssl/node.pem"
        change_mode = "noop"
        data = <<EOH
{{ $ip_address := env "NOMAD_IP_client" -}}
{{ $vault_cert_path := env "NOMAD_META_vault_cert_path" -}}
{{ $cluster_dc := env "NOMAD_META_cluster_dc" -}}
{{ $cert_ttl := env "NOMAD_META_cert_ttl" -}}
{{ with secret (printf "%s" $vault_cert_path) (printf "common_name=zk-%s.service.%s.consul" $cluster_dc $cluster_dc) (printf "alt_names=zk-%s.service.%s.consul" $cluster_dc $cluster_dc) (printf "ip_sans=%s" $ip_address) (printf "ttl=%s" $cert_ttl)  }}
{{ .Data.certificate -}}
{{ end }}
EOH
}
```
	docker-entrypoint.sh
	```
	# create truststore and keystore from pem files if they exist
	if [ -f "$ZOO_CONF_DIR/ssl/root-int-ca.pem" ] && [ -f "$ZOO_CONF_DIR/ssl/node.pem"]; then
	# create truststore jks
	truststore_password="$(cat /dev/urandom \| tr -dc 'a-zA-Z0-9' \| fold -w 12 \| head -n 1)"
	echo $truststore_password > $TRUSTSTORE_WORKING_DIRECTORY/truststore_password.txt
	keytool -import -alias root-int-ca -trustcacerts -file $ZOO_CONF_DIR/ssl/root-int-ca.pem \
	-keystore $ZOO_CONF_DIR/ssl/kafka-truststore.jks -storepass $truststore_password

	# create keystore jks
	keystore_password="$(cat /dev/urandom \| tr -dc 'a-zA-Z0-9' \| fold -w 12 \| head -n 1)"
	openssl pkcs12 -inkey node-1.pem -in node-1.pem -name node-1 -export -out node-1.p12
	keytool -importkeystore -deststorepass $keystore_password \
	-destkeystore keystore.jks -srckeystore node-1.p12 -srcstoretype PKCS12

	# update passwords in zoo.cfg
	sed -i "s/TRUSTSTORE_PASSWORD/$truststore_password/g" /$ZOO_CONF_DIR/zoo.cfg
	sed -i "s/KEYSTORE_PASSWORD/$keystore_password/g" /$ZOO_CONF_DIR/zoo.cfg
	fi
	```

	nomad templates
	```
	meta {
	mtls_path = "secret/teams/sre/kafka-poc/zk1/mtls"
	vault_addr = "https://vault.simulpong.com:8200"
	cluster_dc = "alpha"
	vault_cert_path = "alphaintca/issue/alpha-dot-consul"
	root_ca_path = "alpharootca/cert/ca"
	int_ca_path = "alphaintca/cert/ca"
	cert_ttl = "168h"
	}

	template {
	destination = "local/conf/ssl/root-int-ca.pem"
	data = <<EOH
	{{ $root_ca_path := env "NOMAD_META_root_ca_path" -}}
	{{ $int_ca_path := env "NOMAD_META_int_ca_path" -}}
	{{ with secret (printf "%s" $int_ca_path) }}
	{{ .Data.certificate -}}
	{{ end -}}
	{{ with secret (printf "%s" $root_ca_path) }}
	{{ .Data.certificate -}}
	{{ end }}
	EOH
	}
	template {
	destination = "local/conf/ssl/node.pem"
	change_mode = "noop"
	data = <<EOH
	{{ $ip_address := env "NOMAD_IP_client" -}}
	{{ $vault_cert_path := env "NOMAD_META_vault_cert_path" -}}
	{{ $cluster_dc := env "NOMAD_META_cluster_dc" -}}
	{{ $cert_ttl := env "NOMAD_META_cert_ttl" -}}
	{{ with secret (printf "%s" $vault_cert_path) (printf "common_name=zk-%s.service.%s.consul" $cluster_dc $cluster_dc) (printf "alt_names=zk-%s.service.%s.consul" $cluster_dc $cluster_dc) (printf "ip_sans=%s" $ip_address) (printf "ttl=%s" $cert_ttl) }}
	{{ .Data.certificate -}}
	{{ end }}
	EOH
	}
	```