- add vault module to puppetfile - define class to manage the install and config of vault - manage the datavol and raft storage - manage the unzip and other compression tools - define custom unseal script and service - add documentation on initial setup of vault
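#!/bin/bash
#
# Unseal a sealed Vault server by submitting the key shares stored on this
# host to the sys/unseal API endpoint.
#
# This file is a template: VAULT_ADDR is filled in from @vault_address when
# the template is rendered.
#
# Requires: curl, jq.
# Exit status: 0 if Vault is (or was already) unsealed, 1 on any failure.
#
# SECURITY NOTE(review): the key shares are read from a plaintext file on
# the Vault host itself. Anyone who can read that file (or a backup of it)
# can unseal Vault, so keeping every share here gives up the protection the
# split unseal key is meant to provide. Keep the file owned by root with
# mode 0600 and out of backups, and consider one of Vault's auto-unseal
# seals (cloud KMS, HSM or transit) as the replacement for this script.
#
# The shares travel in the request body, so VAULT_ADDR should be an https://
# address unless it points at a loopback listener.

set -u
set -o pipefail

VAULT_ADDR='<%= @vault_address %>'
UNSEAL_KEYS_FILE='/etc/vault/unseal_keys'

# Key shares are hex or base64 text; anything else would corrupt the JSON body.
readonly KEY_SHARE_PATTERN='^[A-Za-z0-9+/=]+$'

# Print a message to stderr and stop with a failing status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Check if Vault is sealed. A failed request or an unexpected answer is an
# error: treating "no answer" as "already unsealed" would hide an outage.
is_sealed=$(curl --silent --show-error --fail \
  "${VAULT_ADDR}/v1/sys/seal-status" | jq -r '.sealed') \
  || die "Cannot read seal status from ${VAULT_ADDR}."

case "$is_sealed" in
  false)
    echo "Vault is already unsealed."
    exit 0
    ;;
  true) ;;
  *) die "Unexpected seal status '${is_sealed}' from ${VAULT_ADDR}." ;;
esac

# Retrieve the key shares (whitespace- or newline-separated) without
# word-splitting or glob expansion by the shell.
[[ -r "$UNSEAL_KEYS_FILE" ]] || die "Cannot read ${UNSEAL_KEYS_FILE}."
unseal_keys=()
# read returns non-zero when it reaches end of file; the array is still filled.
read -r -d '' -a unseal_keys <"$UNSEAL_KEYS_FILE" || true
((${#unseal_keys[@]} > 0)) || die "No key shares found in ${UNSEAL_KEYS_FILE}."

# Submit the shares one at a time until Vault reports that it is unsealed.
for key in "${unseal_keys[@]}"; do
  # Never print the share itself in an error message.
  [[ "$key" =~ $KEY_SHARE_PATTERN ]] \
    || die "Malformed key share in ${UNSEAL_KEYS_FILE}."

  # The body goes to curl on stdin (printf is a shell builtin), so the share
  # never appears in a process argument list.
  response=$(printf '{"key": "%s"}' "$key" \
    | curl --silent --show-error --fail --request PUT --data @- \
      "${VAULT_ADDR}/v1/sys/unseal") \
    || die "Unseal request to ${VAULT_ADDR} failed."

  is_sealed=$(jq -r '.sealed' <<<"$response") \
    || die "Cannot parse the unseal response from ${VAULT_ADDR}."

  if [[ "$is_sealed" == "false" ]]; then
    break
  fi
done

# Report success only when Vault itself says so.
[[ "$is_sealed" == "false" ]] \
  || die "Vault is still sealed after submitting ${#unseal_keys[@]} key share(s)."

echo "Vault has been unsealed."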