# vim: syntax=sh
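# Seeds randomly generated secrets into Vault's KV store for this instance.
# For each entry of the template's vault.rand_secrets setting (a single map
# or a list of maps):
#   1. if no secret exists yet at the entry's path, create it with one
#      generated value per listed field;
#   2. otherwise add only the listed fields that are still missing, leaving
#      existing values untouched.
#
# Review notes:
#   - Generated values are handed to `vault` as KEY=VALUE arguments, so they
#     are visible in the process list while the command runs. The CLI also
#     accepts KEY=- (value read from stdin) and KEY=@file; prefer those on
#     hosts shared with other users.
#   - The CLI reads a value that starts with "@" as a file reference. The
#     default alphabet cannot produce one; a custom cmd must not either.
#   - A custom cmd is executed through `sh -c` with this script's privileges,
#     so the rand_secrets configuration has to be treated as trusted input.
#   - Nothing checks that the generator produced output: if it fails, an
#     empty value would be stored.

# Presumably set so that `tr` handles /dev/urandom output as raw bytes; confirm.
export LC_ALL=C
[[- $rand_list := coll.Slice ]]
[[- if isKind "slice" .vault.rand_secrets ]]
[[- $rand_list = .vault.rand_secrets ]]
[[- else if isKind "map" .vault.rand_secrets ]]
[[- $rand_list = append .vault.rand_secrets $rand_list ]]
[[- end ]]
[[- range $idx, $rand := $rand_list ]]
# Quoted so that a root, instance or path containing whitespace or glob
# characters stays one word everywhere it is used below.
VAULT_KV_PATH="[[ $.vault.root ]]kv/service/[[ $.instance ]][[ if and (has $rand "path") (ne $rand.path "") ]]/[[ $rand.path ]][[ end ]]"
RAND_CMD="[[ if has $rand "cmd" ]][[ $rand.cmd ]][[ else ]]tr -dc A-Za-z0-9\-_\/=~\.+ < /dev/urandom | head -c 50[[ end ]]"
# Existence check: exact fixed-string match of the secret name in the listing
# of its parent path (a regex match would let "." in a name match other keys).
# stderr is discarded, so a failed listing (no token, no list capability) is
# indistinguishable from "absent" and falls through to `vault kv put`, which
# replaces the secret's whole data.
# The blank line before `fi` terminates the backslash continuation left by
# the last generated field; keep it.
if ! vault kv list "$(dirname "${VAULT_KV_PATH}")" 2>/dev/null | grep -q -x -F -- "$(basename "${VAULT_KV_PATH}")"; then
  vault kv put "${VAULT_KV_PATH}" \
[[- range $idx, $field := $rand.fields ]]
    [[ $field ]]="$(sh -c "${RAND_CMD}")" \
[[- end ]]

fi
# Back-fill fields that were added to the configuration after the secret was
# first created; `kv patch` leaves the other fields as they are.
for SECRET in [[ join $rand.fields " " ]]; do
  if ! vault kv get -field "${SECRET}" "${VAULT_KV_PATH}" >/dev/null 2>&1; then
    vault kv patch "${VAULT_KV_PATH}" \
      "${SECRET}=$(sh -c "${RAND_CMD}")"
  fi
done

[[- end ]]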