github.com/pf-qiu/concourse/v6@v6.7.3-0.20201207032516-1f455d73275f/hack/vault/init (about) 1 #!/bin/bash 2 3 set -e -u 4 5 cd $(dirname $0)/../.. 6 7 export VAULT_CACERT=$PWD/hack/vault/certs/vault-ca.crt 8 9 vault operator init --format=json > hack/vault/init.json 10 11 vault operator unseal $(jq -r .unseal_keys_b64[0] < hack/vault/init.json) 12 vault operator unseal $(jq -r .unseal_keys_b64[1] < hack/vault/init.json) 13 vault operator unseal $(jq -r .unseal_keys_b64[2] < hack/vault/init.json) 14 jq -r .root_token < hack/vault/init.json | vault login - 15 16 vault policy write concourse ./hack/vault/config/concourse-policy.hcl 17 18 vault auth enable cert 19 vault write auth/cert/certs/concourse \ 20 policies=concourse \ 21 certificate=@hack/vault/certs/vault-ca.crt ttl=1h 22 23 echo 24 echo 'to use the vault CLI, set:' 25 echo 26 echo ' export VAULT_CACERT=$PWD/hack/vault/certs/vault-ca.crt'