20 lines
844 B
Bash
Executable File
20 lines
844 B
Bash
Executable File
#!/bin/sh
|
|
|
|
set -euo pipefail
|
|
|
|
if [ "$(vault secrets list -format json | jq -r '.["[[ .vault.prefix ]]database/"].type')" != "database" ]; then
|
|
vault secrets enable -path [[ .vault.prefix ]]database database
|
|
fi
|
|
|
|
if [ "$(vault list -format json [[ .vault.prefix ]]database/config | jq '.[] | test("^[[ .mariadb.instance ]]$")')" = "false" ]; then
|
|
vault write [[ .vault.prefix ]]database/config/[[ .mariadb.instance ]] \
|
|
plugin_name="mysql-database-plugin" \
|
|
connection_url="{{username}}:{{password}}@tcp([[ (urlParse .mariadb.server.public_address).Host ]])/" \
|
|
allowed_roles="*" \
|
|
username=vault \
|
|
password="$(vault kv get -field vault_initial_pwd [[ .vault.prefix ]]kv/service/[[ .mariadb.instance ]])" \
|
|
disable_escaping=true
|
|
vault write -force [[ .vault.prefix ]]database/rotate-root/[[ .mariadb.instance ]]
|
|
fi
|
|
|