github.com/pf-qiu/concourse/v6@v6.7.3-0.20201207032516-1f455d73275f/hack/vault/init

github.com/pf-qiu/concourse/v6@v6.7.3-0.20201207032516-1f455d73275f/hack/vault/init (about)

     1  #!/bin/bash
     2  
     3  set -e -u
     4  
     5  cd $(dirname $0)/../..
     6  
     7  export VAULT_CACERT=$PWD/hack/vault/certs/vault-ca.crt
     8  
     9  vault operator init --format=json > hack/vault/init.json
    10  
    11  vault operator unseal $(jq -r .unseal_keys_b64[0] < hack/vault/init.json)
    12  vault operator unseal $(jq -r .unseal_keys_b64[1] < hack/vault/init.json)
    13  vault operator unseal $(jq -r .unseal_keys_b64[2] < hack/vault/init.json)
    14  jq -r .root_token < hack/vault/init.json | vault login -
    15  
    16  vault policy write concourse ./hack/vault/config/concourse-policy.hcl
    17  
    18  vault auth enable cert
    19  vault write auth/cert/certs/concourse \
    20    policies=concourse \
    21    certificate=@hack/vault/certs/vault-ca.crt ttl=1h
    22  
    23  echo
    24  echo 'to use the vault CLI, set:'
    25  echo
    26  echo '  export VAULT_CACERT=$PWD/hack/vault/certs/vault-ca.crt'