Simple Vault editing script

v-edit

#!/bin/bash

VAULT_KEY=$1
FORMAT=${2:-yaml}
export WORK_FILE=$(mktemp).yml
EDITOR=${EDITOR:-vim}

function cleanup {
    rm -f ${WORK_FILE}
}

trap cleanup EXIT INT


if [ "${FORMAT}" = "yaml" ]; then
    cat > "${WORK_FILE}"  <<EOF
---
# Note, this file is temporary: ${WORK_FILE}
# it will be cleaned up and overwrite ${VAULT_KEY}
# when you exit
EOF
fi;

vault read -format=${FORMAT} -field=data "${VAULT_KEY}" >> ${WORK_FILE}

BEFORE_HASH=$(md5sum ${WORK_FILE})

# Edit our file!
${EDITOR} ${WORK_FILE}

if [ $? -eq 0 ]; then

    AFTER_HASH=$(md5sum ${WORK_FILE})

    if [ "${BEFORE_HASH}" = "${AFTER_HASH}" ]; then
        echo "No changes were made, not attempting to update Vault"
    else
        echo "Changes detected, writing to Vault"

        if [ "${FORMAT}" = "yaml" ]; then
            ruby -rjson -ryaml -e "puts JSON.dump(YAML.load_stream(File.read(ENV['WORK_FILE']))[0])" | vault write "${VAULT_KEY}" -
        else
            vault write "${VAULT_KEY}" "@${WORK_FILE}"
        fi;
    fi;
fi;