pull/81/head
Muhammad Atif Ali 2 years ago
parent 8cd6ce3d8d
commit 828f20f5b6

@ -27,8 +27,21 @@ variable "vault_auth_id" {
}
variable "secrets" {
type = map(list(string))
description = "A map of secret lists to set as environment variables. Each secret list is a list of paths to secrets to set as environment variables."
type = map(map(string))
description = <<EOF
A map of secrets to write to the workspace. The key is the path of the secret in vault and the value is a map of the list of secrets and the file to write them to.
e.g,
{
"secret/data/my-secret-1" = {
"secrets" = ["username", "password"]
"file" = "secrets.env"
},
"secret/data/my-secret-2" = {
"secrets" = ["username", "password"]
"file" = "secrets2.env"
}
}
EOF
default = {}
}
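Review bot: The new `type = map(map(string))` cannot hold the example given in the same description: `"secrets" = ["username", "password"]` is a list, and Terraform does not convert a list to a `map(string)` element value, so the documented input fails validation against its own variable. A type that matches the prose and also documents the shape for callers is `type = map(object({ secrets = list(string), file = string }))`. The heredoc also reads `e.g,` where `e.g.,` is meant.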
@ -51,7 +64,7 @@ resource "coder_script" "vault" {
VAULT_ADDR : var.vault_addr,
VAULT_TOKEN : data.coder_git_auth.vault.access_token,
VERSION : var.vault_cli_version,
SECRETS : jsonencode(var.secrets),
SECRETS : jsonencode(var.secrets)
})
run_on_start = true
}

@ -37,10 +37,7 @@ export VAULT_TOKEN=${VAULT_TOKEN}
# login to Vault
printf "🔑 Logging in to Vault ...\n\n"
vault login -address=${VAULT_ADDR} -no-print ${VAULT_TOKEN}
# Add VAULT_ADDR to /ect/environment file to persist the environment variable
echo "VAULT_ADDR=${VAULT_ADDR}" | sudo tee -a /etc/environment
vault login -no-print ${VAULT_TOKEN}
# Verify Vault address and token
printf "🔎 Verifying Vault address and token ...\n\n"
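Review bot: `vault login -no-print ${VAULT_TOKEN}` on the new line still passes the token as a command-line argument, so any local user can read it from `ps` or `/proc/<pid>/cmdline` while the command runs, and the expansion is unquoted. The variable is already exported on the context line above, so the CLI would find it in the environment; if the explicit login is kept for its token-helper side effect, feed the token over stdin, which the token auth CLI accepts via `-`, e.g. `printf '%s' "$${VAULT_TOKEN}" | vault login -no-print -`. Because `${VAULT_TOKEN}` is a template interpolation here, the rendered script also contains the token literally; that predates this change but bears on where the script text is stored and logged. The script's shebang and any `set` options are outside the hunk, so it is not visible whether a failed login aborts the run.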
@ -51,39 +48,14 @@ if [ "${SECRETS}" = "{}" ]; then
exit 0
fi
printf "\n🔑 Fetching secrets ...\n\n"
# Check if jq is installed
if ! command -v jq >/dev/null; then
echo "jq is not installed. Please install jq to automatically set the secrets."
echo "You can manually set the secrets by using the following command in your workspace:"
echo "vault kv get <path>"
exit 0
fi
echo "${SECRETS}"
# Decode the JSON string to a temporary file
echo "${SECRETS}" | jq '.' > temp.json
# Iterate through the keys and values in the JSON file
for key in $(jq -r 'keys[]' temp.json); do
path=$(echo $key | tr -d \")
# Fetch the secrets from Vault
secrets=$(vault kv get -format=json $path)
# Get the array of secret names from the JSON file
sceret_names=$(jq -r ".$key[]" temp.json)
# Convert the list of environment variables to an array
IFS=', ' read -r -a sceret_array <<< "$sceret_names"
# Set the environment variables with the secret values
for secret_name in "$${sceret_array[@]}"; do
# Remove quotes from the variable name
secret_name=$(echo $secret_name | tr -d \")
secret_value=$(echo $secrets | jq -r ".data.data.$secret_name")
export $secret_name=$secret_value
printf "🔍 Fetching secrets ...\n\n"
for key in $(echo "${SECRETS}" | jq -r "keys[]" ); do
secrets=$(echo "${SECRETS}" | jq -r ".$key.secrets[]")
file=$(echo "${SECRETS}" | jq -r ".$key.file")
printf "Fetching secrets from $${key} ...\n"
for secret in $${secrets}; do
value=$(vault kv get -format=json $${key} | jq -r ".data.data.$${secret}")
printf "$${secret}=$${value}\n" >> $${file}
done
printf "\n"
done
# Remove the temporary file
rm temp.json
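Review bot: The filters `".$key.secrets[]"` and `".$key.file"` on the new loop splice the Vault path straight into the jq program, so a key like the documented `secret/data/my-secret-1` becomes `.secret/data/my-secret-1.file`, which jq parses as arithmetic rather than a key lookup; the same applies to `.data.data.$${secret}`, and both should use `--arg` with `.[$k]` indexing. `printf "$${secret}=$${value}\n"` uses the secret value as the format string, so a value containing `%` or `\` is altered or makes printf fail, and it should be `printf '%s=%s\n' "$${secret}" "$${value}"`. The target file is created under the default umask and only ever appended with `>>`, so with `run_on_start = true` every workspace start adds a duplicate set of lines to a file that is typically group/world-readable; it should be created owner-only and truncated before writing. `vault kv get` is also run once per secret name rather than once per path. The rewrite below keeps the template's `$${...}` escaping and the original loop shape.
```shell
printf "🔍 Fetching secrets ...\n\n"
# Create every target file empty and owner-only before writing, so a re-run on
# workspace start does not append duplicates and the file is never world-readable.
for file in $(echo "${SECRETS}" | jq -r '.[].file' | sort -u); do
  rm -f -- "$${file}"
  ( umask 077; : > "$${file}" )
done
for key in $(echo "${SECRETS}" | jq -r "keys[]" ); do
  # Pass the path as a jq argument: splicing it into the filter breaks on '/' and '-'.
  file=$(echo "${SECRETS}" | jq -r --arg k "$${key}" '.[$k].file')
  printf "Fetching secrets from %s ...\n" "$${key}"
  # One Vault read per path instead of one per secret name.
  kv=$(vault kv get -format=json "$${key}")
  for secret in $(echo "${SECRETS}" | jq -r --arg k "$${key}" '.[$k].secrets[]'); do
    value=$(printf '%s' "$${kv}" | jq -r --arg s "$${secret}" '.data.data[$s]')
    # Never use data as the printf format string.
    printf '%s=%s\n' "$${secret}" "$${value}" >> "$${file}"
  done
  printf "\n"
done
```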
