Last active
April 18, 2020 07:17
-
-
Save rtyler/d3105d3f6cd05789b2ab2510c6674aec to your computer and use it in GitHub Desktop.
Simple Vault editing script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
VAULT_KEY=$1 | |
FORMAT=${2:-yaml} | |
export WORK_FILE=$(mktemp).yml | |
EDITOR=${EDITOR:-vim} | |
function cleanup { | |
rm -f ${WORK_FILE} | |
} | |
trap cleanup EXIT INT | |
if [ "${FORMAT}" = "yaml" ]; then | |
cat > "${WORK_FILE}" <<EOF | |
--- | |
# Note, this file is temporary: ${WORK_FILE} | |
# it will be cleaned up and overwrite ${VAULT_KEY} | |
# when you exit | |
EOF | |
fi; | |
vault read -format=${FORMAT} -field=data "${VAULT_KEY}" >> ${WORK_FILE} | |
BEFORE_HASH=$(md5sum ${WORK_FILE}) | |
# Edit our file! | |
${EDITOR} ${WORK_FILE} | |
if [ $? -eq 0 ]; then | |
AFTER_HASH=$(md5sum ${WORK_FILE}) | |
if [ "${BEFORE_HASH}" = "${AFTER_HASH}" ]; then | |
echo "No changes were made, not attempting to update Vault" | |
else | |
echo "Changes detected, writing to Vault" | |
if [ "${FORMAT}" = "yaml" ]; then | |
ruby -rjson -ryaml -e "puts JSON.dump(YAML.load_stream(File.read(ENV['WORK_FILE']))[0])" | vault write "${VAULT_KEY}" - | |
else | |
vault write "${VAULT_KEY}" "@${WORK_FILE}" | |
fi; | |
fi; | |
fi; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment