Created
December 17, 2021 15:32
Upload CosmosDB account key to Key Vault
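# Print the version id of a Key Vault secret; prints nothing if it cannot be read.
# Arguments: $1 - Key Vault name, $2 - secret name
_keyvault_secret_version() {
  # The version is taken as the 6th '/'-separated field of the secret id
  # (https://<vault-host>/secrets/<name>/<version>).
  az keyvault secret show --vault-name "$1" --name "$2" -o tsv --query id \
    | awk -F '/' '{ print $6 }'
}

#######################################
# Store a CosmosDB connection string in the Key Vaults derived from the
# account name, then wait until each vault reports a new secret version.
# Arguments:
#   $1 - kind of CosmosDB account key: "primary" or "secondary"
#   $2 - secret value to store
#   $3 - CosmosDB account name; a trailing "-mongo" is stripped to form the
#        vault names "<base>" and "<base>-ukw"
# Outputs:  progress messages on stdout, errors on stderr
# Returns:  0 on success, 2 on invalid arguments, 1 if a vault update fails
#           or no new version shows up within the retry budget
#######################################
function update_keyvault_secret() {
  local keyKind=${1:-}
  local secretValue=${2:-}
  local cosmosDBAccountName=${3:-}
  local -r maxAttempts=24 # 24 polls x 5 s: stop instead of spinning forever
  local vaultNames=("${cosmosDBAccountName%-mongo}" "${cosmosDBAccountName%-mongo}-ukw")
  local secretName v currentVersion newVersion attempt

  # Reject anything but the two documented kinds: a mistyped kind must not
  # silently overwrite the secondary connection string.
  case "${keyKind}" in
    primary) secretName='cosmosDBPrimaryConnectionString' ;;
    secondary) secretName='cosmosDBSecondaryConnectionString' ;;
    *)
      echo "Invalid key kind '${keyKind}': expected 'primary' or 'secondary'" >&2
      return 2
      ;;
  esac

  if [[ -z "${secretValue}" || -z "${cosmosDBAccountName}" ]]; then
    echo 'A secret value and a CosmosDB account name are required' >&2
    return 2
  fi

  for v in "${vaultNames[@]}"; do
    echo "Updating secret ${secretName} in Key Vault ${v}..."
    currentVersion=$(_keyvault_secret_version "${v}" "${secretName}")

    # --output none: by default the CLI prints the stored secret, value
    # included, which would put the connection string into the job log.
    # NOTE(review): --value still exposes the secret on the az command line
    # (process listings, `set -x` traces); consider --file with a mktemp file
    # where that matters.
    if ! az keyvault secret set \
      --vault-name "${v}" \
      --name "${secretName}" \
      --value "${secretValue}" \
      --output none; then
      echo "Failed to update secret ${secretName} in Key Vault ${v}" >&2
      return 1
    fi

    newVersion=$(_keyvault_secret_version "${v}" "${secretName}")
    attempt=0
    # An empty version means the lookup failed, so it does not count as "new".
    until [[ -n "${newVersion}" && "${currentVersion}" != "${newVersion}" ]]; do
      if (( ++attempt > maxAttempts )); then
        echo "No new version of ${secretName} seen in Key Vault ${v} after ${maxAttempts} retries" >&2
        return 1
      fi
      echo 'Stale secret version returned, retrying again 5 seconds...'
      sleep 5
      newVersion=$(_keyvault_secret_version "${v}" "${secretName}")
    done

    echo "Key Vault secret ${secretName} in Key Vault ${v} has been successfully updated!"
    echo "Previous version: ${currentVersion}"
    echo "New version: ${newVersion}"
  done
}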