
Vault deploy hook

Sergey Pashinin 5 年之前
父節點
當前提交
de692d3dcc
共有 2 個文件被更改,包括 63 次插入0 次删除
  1. 1 0
      Dockerfile
  2. 62 0
      deploy/vault.sh

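--- a/Dockerfile
+++ b/Dockerfile
@@ -7,6 +7,7 @@ RUN apk update -f \
   coreutils \
   bind-tools \
   curl \
+  sed \
   socat \
   tzdata \
   oath-toolkit-oathtool \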

+ 62 - 0
deploy/vault.sh

@@ -0,0 +1,62 @@
+#!/usr/bin/env sh
+
+# Here is a script to deploy cert to hashicorp vault using curl
+# (https://www.vaultproject.io/)
+#
+# it requires following environment variables:
+#
+# VAULT_PREFIX - this contains the prefix path in vault
+# VAULT_ADDR - vault requires this to find your vault server
+#
+# additionally, you need to ensure that VAULT_TOKEN is avialable
+# to access the vault server
+
+#returns 0 means success, otherwise error.
+
+########  Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+vault_deploy() {
+
+  _cdomain="$1"
+  _ckey="$2"
+  _ccert="$3"
+  _cca="$4"
+  _cfullchain="$5"
+
+  _debug _cdomain "$_cdomain"
+  _debug _ckey "$_ckey"
+  _debug _ccert "$_ccert"
+  _debug _cca "$_cca"
+  _debug _cfullchain "$_cfullchain"
+
+  # validate required env vars
+  if [ -z "$VAULT_PREFIX" ]; then
+    _err "VAULT_PREFIX needs to be defined (contains prefix path in vault)"
+    return 1
+  fi
+
+  if [ -z "$VAULT_ADDR" ]; then
+    _err "VAULT_ADDR needs to be defined (contains vault connection address)"
+    return 1
+  fi
+
+  # JSON does not allow multiline strings.
+  # So replacing new-lines with "\n" here
+  _ckey=$(sed -z 's/\n/\\n/g' <"$2")
+  _ccert=$(sed -z 's/\n/\\n/g' <"$3")
+  _cca=$(sed -z 's/\n/\\n/g' <"$4")
+  _cfullchain=$(sed -z 's/\n/\\n/g' <"$5")
+
+  URL="$VAULT_ADDR/v1/$VAULT_PREFIX/$_cdomain"
+
+  if [ -n "$FABIO" ]; then
+    curl --silent -H "X-Vault-Token: $VAULT_TOKEN" --request POST --data "{\"cert\": \"$_cfullchain\", \"key\": \"$_ckey\"}" "$URL" || return 1
+  else
+    curl --silent -H "X-Vault-Token: $VAULT_TOKEN" --request POST --data "{\"value\": \"$_ccert\"}" "$URL/cert.pem" || return 1
+    curl --silent -H "X-Vault-Token: $VAULT_TOKEN" --request POST --data "{\"value\": \"$_ckey\"}" "$URL/cert.key" || return 1
+    curl --silent -H "X-Vault-Token: $VAULT_TOKEN" --request POST --data "{\"value\": \"$_cca\"}" "$URL/chain.pem" || return 1
+    curl --silent -H "X-Vault-Token: $VAULT_TOKEN" --request POST --data "{\"value\": \"$_cfullchain\"}" "$URL/fullchain.pem" || return 1
+  fi
+
+}
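Review bot: The `|| return 1` on the curl calls at the end of the hunk never fires on a Vault-side rejection, because `curl --silent` exits 0 on HTTP 4xx/5xx responses unless `--fail` is given, so a 403 from a token without write permission on the prefix is reported as a successful deploy. VAULT_TOKEN is named as required in the header comment but, unlike VAULT_PREFIX and VAULT_ADDR, is never checked; a missing token should fail early with `if [ -z "$VAULT_TOKEN" ]; then _err "VAULT_TOKEN needs to be defined"; return 1; fi`. The private key is also handed to curl as a command-line argument through `--data`, which makes it readable by any local user listing processes for the duration of the request; sending the body on stdin with `--data @-` keeps it out of argv (the token in `-H` has the same exposure, which `-H @file` on curl versions that support it would avoid). The JSON body is built by string interpolation with only newlines escaped, which is fine for PEM text but would break on a `"` or `\` in the input, so that assumption deserves a comment, and `sed -z` is a GNU extension, which is presumably why the Dockerfile now installs the `sed` package.

```sh
# POST a JSON body to a Vault path; body goes over stdin so the key material
# never appears in the curl process's argv, and --fail turns an HTTP error
# into a non-zero exit that the caller's || return 1 can see.
_vault_post() {
  printf '%s' "$2" | curl -sS --fail -H "X-Vault-Token: $VAULT_TOKEN" --request POST --data @- "$1"
}

vault_deploy() {
  # … unchanged: argument capture, _debug calls, VAULT_PREFIX / VAULT_ADDR checks …

  if [ -z "$VAULT_TOKEN" ]; then
    _err "VAULT_TOKEN needs to be defined (Vault API token)"
    return 1
  fi

  # … unchanged: newline escaping with sed -z, URL construction …

  if [ -n "$FABIO" ]; then
    _vault_post "$URL" "{\"cert\": \"$_cfullchain\", \"key\": \"$_ckey\"}" || return 1
  else
    _vault_post "$URL/cert.pem" "{\"value\": \"$_ccert\"}" || return 1
    _vault_post "$URL/cert.key" "{\"value\": \"$_ckey\"}" || return 1
    _vault_post "$URL/chain.pem" "{\"value\": \"$_cca\"}" || return 1
    _vault_post "$URL/fullchain.pem" "{\"value\": \"$_cfullchain\"}" || return 1
  fi
```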