Muhammad Atif Ali 2 years ago
parent 8cd6ce3d8d
commit 828f20f5b6

@ -27,8 +27,21 @@ variable "vault_auth_id" {
} }
variable "secrets" { variable "secrets" {
type = map(list(string)) type = map(map(string))
description = "A map of secret lists to set as environment variables. Each secret list is a list of paths to secrets to set as environment variables." description = <<EOF
A map of secrets to write to the workspace. The key is the path of the secret in vault and the value is a map of the list of secrets and the file to write them to.
e.g,
{
"secret/data/my-secret-1" = {
"secrets" = ["username", "password"]
"file" = "secrets.env"
},
"secret/data/my-secret-2" = {
"secrets" = ["username", "password"]
"file" = "secrets2.env"
}
}
EOF
default = {} default = {}
} }
@ -51,7 +64,7 @@ resource "coder_script" "vault" {
VAULT_ADDR : var.vault_addr, VAULT_ADDR : var.vault_addr,
VAULT_TOKEN : data.coder_git_auth.vault.access_token, VAULT_TOKEN : data.coder_git_auth.vault.access_token,
VERSION : var.vault_cli_version, VERSION : var.vault_cli_version,
SECRETS : jsonencode(var.secrets), SECRETS : jsonencode(var.secrets)
}) })
run_on_start = true run_on_start = true
} }
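Review bot: The new `type = map(map(string))` on the `type` line does not admit the example the new description itself gives, where each entry's `secrets` attribute is a list of strings; Terraform cannot convert a list to a string, so `var.secrets` populated as documented is rejected at plan time. Declaring the entry shape explicitly matches the description: `type = map(object({ secrets = list(string), file = string }))`. The `coder_script` hunk only drops the trailing comma after `jsonencode(var.secrets)`, which is cosmetic.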

@ -37,10 +37,7 @@ export VAULT_TOKEN=${VAULT_TOKEN}
# login to Vault # login to Vault
printf "🔑 Logging in to Vault ...\n\n" printf "🔑 Logging in to Vault ...\n\n"
vault login -address=${VAULT_ADDR} -no-print ${VAULT_TOKEN} vault login -no-print ${VAULT_TOKEN}
# Add VAULT_ADDR to /ect/environment file to persist the environment variable
echo "VAULT_ADDR=${VAULT_ADDR}" | sudo tee -a /etc/environment
# Verify Vault address and token # Verify Vault address and token
printf "🔎 Verifying Vault address and token ...\n\n" printf "🔎 Verifying Vault address and token ...\n\n"
@ -51,39 +48,14 @@ if [ "${SECRETS}" = "{}" ]; then
exit 0 exit 0
fi fi
printf "\n🔑 Fetching secrets ...\n\n" printf "🔍 Fetching secrets ...\n\n"
for key in $(echo "${SECRETS}" | jq -r "keys[]" ); do
# Check if jq is installed secrets=$(echo "${SECRETS}" | jq -r ".$key.secrets[]")
if ! command -v jq >/dev/null; then file=$(echo "${SECRETS}" | jq -r ".$key.file")
echo "jq is not installed. Please install jq to automatically set the secrets." printf "Fetching secrets from $${key} ...\n"
echo "You can manually set the secrets by using the following command in your workspace:" for secret in $${secrets}; do
echo "vault kv get <path>" value=$(vault kv get -format=json $${key} | jq -r ".data.data.$${secret}")
exit 0 printf "$${secret}=$${value}\n" >> $${file}
fi
echo "${SECRETS}"
# Decode the JSON string to a temporary file
echo "${SECRETS}" | jq '.' > temp.json
# Iterate through the keys and values in the JSON file
for key in $(jq -r 'keys[]' temp.json); do
path=$(echo $key | tr -d \")
# Fetch the secrets from Vault
secrets=$(vault kv get -format=json $path)
# Get the array of secret names from the JSON file
sceret_names=$(jq -r ".$key[]" temp.json)
# Convert the list of environment variables to an array
IFS=', ' read -r -a sceret_array <<< "$sceret_names"
# Set the environment variables with the secret values
for secret_name in "$${sceret_array[@]}"; do
# Remove quotes from the variable name
secret_name=$(echo $secret_name | tr -d \")
secret_value=$(echo $secrets | jq -r ".data.data.$secret_name")
export $secret_name=$secret_value
done done
printf "\n"
done done
# Remove the temporary file
rm temp.json
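Review bot: The jq filters built from the key on the new side, `.$key.secrets[]` and `.$key.file`, only parse when the key is a bare identifier, so a path such as `secret/data/my-secret-1` (the form the variable's own description uses) is rejected by jq and the inner loop silently writes nothing; the key should be passed with `--arg` and looked up as `.[$k]`. `printf "$${secret}=$${value}\n"` also uses the fetched value as the printf format string, and the file opened by `>> $${file}` is created under the default umask, so a value containing `%` is mangled and the plaintext secrets file may be readable by other users of the workspace. The old side's check that jq is installed was dropped, so a workspace without jq now fails at the first jq call instead of printing the manual `vault kv get` instructions. The rewrite below fixes the lookups, prints with `'%s=%s\n'`, creates the file owner-only, and hoists `vault kv get` to one call per path.
```shell
for key in $(echo "${SECRETS}" | jq -r "keys[]" ); do
  secrets=$(echo "${SECRETS}" | jq -r --arg k "$${key}" '.[$k].secrets[]')
  file=$(echo "${SECRETS}" | jq -r --arg k "$${key}" '.[$k].file')
  printf 'Fetching secrets from %s ...\n' "$${key}"
  # One Vault round-trip per path; the output file is created owner-only.
  data=$(vault kv get -format=json "$${key}")
  ( umask 077; : >> "$${file}" )
  for secret in $${secrets}; do
    value=$(printf '%s' "$${data}" | jq -r --arg s "$${secret}" '.data.data[$s]')
    printf '%s=%s\n' "$${secret}" "$${value}" >> "$${file}"
  done
  printf '\n'
done
```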
