Generate a random admin_token if needed
parent
4d1a5f8786
commit
2ee81a341f
|
@ -0,0 +1,21 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
# vim: syntax=sh
|
||||
|
||||
export LC_ALL=C
|
||||
VAULT_KV_PATH=/kv/service/vaultwarden
|
||||
RAND_CMD="tr -dc A-Za-z0-9\-_\/=~\.+ < /dev/urandom | head -c 50"
|
||||
if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E "^$(basename ${VAULT_KV_PATH})\$"; then
|
||||
vault kv put ${VAULT_KV_PATH} \
|
||||
admin_token="$(sh -c "${RAND_CMD}")" \
|
||||
|
||||
fi
|
||||
for SECRET in admin_token; do
|
||||
if ! vault kv get -field ${SECRET} ${VAULT_KV_PATH} >/dev/null 2>&1; then
|
||||
vault kv patch ${VAULT_KV_PATH} \
|
||||
${SECRET}=$(sh -c "${RAND_CMD}")
|
||||
fi
|
||||
done
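Review bot: The generated admin_token is handed to `vault kv put` and `vault kv patch` as a command-line argument, so it is readable from the process list while the command runs. The Vault CLI accepts `key=-` to read a value from stdin, e.g. `sh -c "${RAND_CMD}" | vault kv put "${VAULT_KV_PATH}" admin_token=-`, which keeps the secret out of argv. Separately, `2>/dev/null` on `vault kv list` makes an auth or network failure look the same as a missing path, and the `kv put` that follows then replaces the secret's data with only admin_token; checking the list command's exit status before deciding to create would avoid that. A failing `$(sh -c "${RAND_CMD}")` inside an argument is also not caught by `set -e`, so an empty token could be stored; generating into a variable first and testing that it is non-empty closes that gap. This file looks like rendered output of the shared template, so the change probably belongs there.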
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
[[ template "common/vault.rand_secrets" merge .vaultwarden.server . ]]
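Review bot: `set -euo pipefail` under a `#!/bin/sh` shebang is not portable, because some /bin/sh implementations (older dash or ash) reject `pipefail` and the script then stops on that line before any secret is generated. The first file in this commit carries the same header. Either declare the interpreter the script really needs, e.g. `#!/usr/bin/env bash`, or reduce it to `set -eu` and add a comment stating which shell the init image provides. The body of the included template is outside this view, so whether it depends on `pipefail` cannot be confirmed from here.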
|
|
@ -27,6 +27,10 @@ vaultwarden:
|
|||
vault:
|
||||
policies:
|
||||
- '[[ .instance ]][[ .consul.suffix ]]'
|
||||
# A list of random secrets to generate if not present in vault kv store
|
||||
rand_secrets:
|
||||
fields:
|
||||
- admin_token
|
||||
|
||||
# Postgres settings
|
||||
postgres:
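Review bot: The comment on `rand_secrets` does not say that a listed field is generated only once and never rotated, which is what the rendered script in this commit suggests (it only writes a field when `vault kv get -field` fails). I would extend it to something like `# Fields listed here are generated once (50 random characters) if missing from the vault kv store; existing values are never overwritten or rotated`. If this value is passed to Vaultwarden unchanged as its admin token, it is worth a second comment noting that it is stored and used in plain text rather than as an Argon2 hash, which Vaultwarden also supports. The surrounding `vault:` block starts outside the hunk.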
|
||||
|
|