Skip to content

Instantly share code, notes, and snippets.

@rtyler
Last active Apr 18, 2020
Embed
What would you like to do?
Simple Vault editing script
#!/bin/bash
VAULT_KEY=$1
FORMAT=${2:-yaml}
export WORK_FILE=$(mktemp).yml
EDITOR=${EDITOR:-vim}
function cleanup {
rm -f ${WORK_FILE}
}
trap cleanup EXIT INT
if [ "${FORMAT}" = "yaml" ]; then
cat > "${WORK_FILE}" <<EOF
---
# Note, this file is temporary: ${WORK_FILE}
# it will be cleaned up and overwrite ${VAULT_KEY}
# when you exit
EOF
fi;
vault read -format=${FORMAT} -field=data "${VAULT_KEY}" >> ${WORK_FILE}
BEFORE_HASH=$(md5sum ${WORK_FILE})
# Edit our file!
${EDITOR} ${WORK_FILE}
if [ $? -eq 0 ]; then
AFTER_HASH=$(md5sum ${WORK_FILE})
if [ "${BEFORE_HASH}" = "${AFTER_HASH}" ]; then
echo "No changes were made, not attempting to update Vault"
else
echo "Changes detected, writing to Vault"
if [ "${FORMAT}" = "yaml" ]; then
ruby -rjson -ryaml -e "puts JSON.dump(YAML.load_stream(File.read(ENV['WORK_FILE']))[0])" | vault write "${VAULT_KEY}" -
else
vault write "${VAULT_KEY}" "@${WORK_FILE}"
fi;
fi;
fi;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment