run.sh
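#!/usr/bin/env sh
# Container entrypoint wrapper: installs envconsul, logs in to Vault with an
# AppRole role_id fetched from S3, then runs the given command under envconsul
# so that secrets from secret/<project> are exposed to it as environment
# variables.
#
# Usage:    run.sh COMMAND [ARGS...]
# Requires: wget unzip curl jq pip (packages noted by the author: wget
#           curl-dev py-pip jq)
# Env:      VAULT_ADDR          - base URL of the Vault server (required)
#           VAULT_PROJECT_NAME  - project name; derived from the ECS task role
#                                 ARN when unset or empty
#           AWS_CONTAINER_CREDENTIALS_RELATIVE_URI - needed only when
#                                 VAULT_PROJECT_NAME has to be derived
#           ENVCONSUL_SHA256    - optional expected SHA-256 of the envconsul
#                                 archive; verified before install when set

# Abort on the first failed step or unset variable instead of continuing with
# empty or "null" credentials.
set -eu

# credentials.json and config.hcl hold secrets; create them owner-only.
umask 077

if [ "$#" -eq 0 ]; then
  printf 'Usage: %s COMMAND [ARGS...]\n' "${0##*/}" >&2
  exit 2
fi

: "${VAULT_ADDR:?VAULT_ADDR must be set}"

# Get envconsul. (The original command line carried a stray second "wget"
# argument, which wget tried to fetch as a URL.)
wget -O envconsul.zip \
  https://releases.hashicorp.com/envconsul/0.6.2/envconsul_0.6.2_linux_amd64.zip

# The binary is installed into /usr/bin and later handles the Vault token, so
# check the archive against a known digest when one is supplied.
# NOTE(review): HTTPS alone is the only integrity protection when
# ENVCONSUL_SHA256 is unset; pin the digest from the vendor's published
# checksums in the image build.
if [ -n "${ENVCONSUL_SHA256:-}" ]; then
  printf '%s  %s\n' "$ENVCONSUL_SHA256" envconsul.zip | sha256sum -c -
fi

unzip -o envconsul.zip
mv envconsul /usr/bin/

# Derive the project name from the task role ARN (second '/'-separated field)
# when it was not provided.
# NOTE(review): the original comment mentioned stripping a '-task-role'
# suffix, but no such step exists; the role name is used as-is.
if [ -z "${VAULT_PROJECT_NAME:-}" ]; then
  : "${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI:?needed to derive VAULT_PROJECT_NAME}"
  # -f turns HTTP errors into a failure; jq -e fails on a missing/null RoleArn.
  role_arn=$(curl -sSf "http://169.254.170.2${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI}" \
    | jq -er '.RoleArn')
  VAULT_PROJECT_NAME=$(printf '%s\n' "$role_arn" | cut -d / -f2)
fi

if [ -z "$VAULT_PROJECT_NAME" ]; then
  printf 'error: could not determine VAULT_PROJECT_NAME\n' >&2
  exit 1
fi

# Get the AppRole role_id for this project.
# NOTE(review): awscli is installed unpinned at start-up; prefer baking a
# pinned version into the image.
pip install awscli
aws s3 cp "s3://vault/${VAULT_PROJECT_NAME}/credentials.json" .

# jq -e fails when role_id is absent, rather than sending "null" to Vault.
role_id=$(jq -er '.role_id' credentials.json)
# The value is now in memory; do not leave the credential file on disk.
rm -f -- credentials.json

# Build the JSON body with jq so the value is always correctly escaped.
login_body=$(jq -cn --arg role_id "$role_id" '{role_id: $role_id}')

# Get a Vault token using the role_id. The body goes over stdin (--data @-)
# so it does not appear in curl's argv.
# NOTE(review): this login sends no secret_id, so the role_id stored in S3 is
# effectively the credential; access to that bucket path must be restricted
# accordingly.
login_response=$(printf '%s' "$login_body" \
  | curl -sSf -X POST --data @- "${VAULT_ADDR}/v1/auth/approle/login")
client_token=$(printf '%s' "$login_response" | jq -er '.auth.client_token')

# Write the envconsul configuration (mode 0600 via the umask above). The file
# stays on disk because envconsul reads it at start-up.
cat > config.hcl <<EOF
vault{
address = "${VAULT_ADDR}"
renew = true
token = "${client_token}"
}
EOF

# Run the requested command with the project's secrets in its environment.
envconsul -config="./config.hcl" -secret="secret/${VAULT_PROJECT_NAME}" "$@"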