Last active
March 18, 2023 21:49
-
-
Save zboralski/709b2427bff863ab7868c6a1d2125591 to your computer and use it in GitHub Desktop.
Write Google Cloud Platform (GCP) credentials to HashiCorp Vault
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Write Google Cloud Platform (GCP) credentials to HashiCorp Vault | |
| # https://gist.github.com/zboralski/709b2427bff863ab7868c6a1d2125591#file-vault-oidc-google-secrets-sh | |
| # Then use vault-oidc-google-secrets.sh to configure OIDC | |
| # https://gist.github.com/zboralski/8f44f9a3ece6cd01fbc675943b490a80#file-vault-oidc-google-config-sh | |
| # Set project name and file names | |
| PROJECT="example-vault-us" | |
| SERVICE_ACCOUNT_JSON="${PROJECT}-1aab5d7d48ab.json" | |
| CLIENT_SECRET_JSON="client_secret_499450834754-j5lejuc4huldog4t8j7aiu3nr2k0j0nm.apps.googleusercontent.com.json" | |
| TEMP_CLIENT_SECRET_JSON="temp_client_secret.json" | |
| # Set secret paths | |
| SECRET_ROOT="secret/gcloud/${PROJECT}" | |
| GSUITE_SERVICE_ACCOUNT="${SECRET_ROOT}/gsuite_service_account" | |
| CLIENT_SECRET="${SECRET_ROOT}/client_secret" | |
| # Write the GSuite service account JSON to Vault | |
| vault kv put "${GSUITE_SERVICE_ACCOUNT}" "@${SERVICE_ACCOUNT_JSON}" | |
| # Format and write the web.client_secret JSON to Vault | |
| cat "${CLIENT_SECRET_JSON}" | jq -c '.web' > "${TEMP_CLIENT_SECRET_JSON}" | |
| vault kv put "${CLIENT_SECRET}" "@${TEMP_CLIENT_SECRET_JSON}" | |
| # Remove sensitive files | |
| rm -i "${SERVICE_ACCOUNT_JSON}" "${CLIENT_SECRET_JSON}" "${TEMP_CLIENT_SECRET_JSON}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment