-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathvault-setup.sh
executable file
·39 lines (33 loc) · 1.37 KB
/
vault-setup.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#! /bin/sh
set -e
# We expect the caller to set these environment variables:
: "${VAULT_ADDR?Need to set this environment variable}"
: "${VAULT_DEV_ROOT_TOKEN_ID?Need to set this environment variable}"
: "${MINIO_ADDR?Need to set this environment variable}"
: "${MINIO_REGION_NAME?Need to set this environment variable}"
: "${MINIO_ROOT_USER?Need to set this environment variable}"
: "${MINIO_ROOT_PASSWORD?Need to set this environment variable}"
# FIXME This should be replaced by a more robust healthcheck, see
# https://docs.docker.com/compose/compose-file/compose-file-v3/#healthcheck
# https://docs.docker.com/engine/reference/builder/#healthcheck
echo
echo "***** Sleeping a few seconds to allow Vault to startup"
sleep 5
echo
echo "***** Logging in to Vault"
vault login token="$VAULT_DEV_ROOT_TOKEN_ID"
echo
echo "***** Checking if the /concourse path is already enabled"
if vault secrets list | grep concourse; then
echo "***** already enabled"
else
echo "***** to be enabled"
echo "***** Enabling the /concourse path"
vault secrets enable -path=/concourse kv
fi
echo
echo "***** Adding secrets"
vault kv put /concourse/main/s3-endpoint value="$MINIO_ADDR"
vault kv put /concourse/main/s3-region value="$MINIO_REGION_NAME"
vault kv put /concourse/main/s3-access-key value="$MINIO_ROOT_USER"
vault kv put /concourse/main/s3-secret-key value="$MINIO_ROOT_PASSWORD"