feat(vault): get-root, put-root, etc

Masaki Yatsu
2025-08-16 15:45:59 +09:00
parent a1ced0a0a8
commit 276ccfe59b


@@ -12,12 +12,14 @@ SECRET_PATH := "secret"
[private] [private]
_vault_root_env_setup := ''' _vault_root_env_setup := '''
if [ -z "${VAULT_TOKEN:-}" ]; then if [ -z "${VAULT_TOKEN:-}" ]; then
echo "" >&2 if [ "${VAULT_DEBUG}" = "true" ]; then
echo "💡 To avoid entering Vault root token repeatedly:" >&2 echo "" >&2
echo " • Set environment variable: export VAULT_TOKEN=your_root_token" >&2 echo "💡 To avoid entering Vault root token repeatedly:" >&2
echo " • or write it in .env.local file: VAULT_TOKEN=your_root_token" >&2 echo " • Set environment variable: export VAULT_TOKEN=your_root_token" >&2
echo " • Use 1Password reference: VAULT_TOKEN=op://vault/root/token" >&2 echo " • or write it in .env.local file: VAULT_TOKEN=your_root_token" >&2
echo "" >&2 echo " • Use 1Password reference: VAULT_TOKEN=op://vault/root/token" >&2
echo "" >&2
fi
VAULT_TOKEN=$(gum input --prompt="Vault root token: " --password --width=100) VAULT_TOKEN=$(gum input --prompt="Vault root token: " --password --width=100)
elif [[ "${VAULT_TOKEN}" == op://* ]]; then elif [[ "${VAULT_TOKEN}" == op://* ]]; then
if ! command -v op &>/dev/null; then if ! command -v op &>/dev/null; then
@@ -259,6 +261,13 @@ get path field:
{{ _vault_oidc_env_setup }} {{ _vault_oidc_env_setup }}
vault kv get -mount=secret -field={{ field }} {{ path }} vault kv get -mount=secret -field={{ field }} {{ path }}
# Get key value with root token
get-root path field:
#!/bin/bash
set -euo pipefail
{{ _vault_root_env_setup }}
vault kv get -mount=secret -field={{ field }} {{ path }}
# Put key value # Put key value
put path *args: put path *args:
#!/bin/bash #!/bin/bash
@@ -266,6 +275,13 @@ put path *args:
{{ _vault_oidc_env_setup }} {{ _vault_oidc_env_setup }}
vault kv put -mount=secret {{ path }} {{ args }} vault kv put -mount=secret {{ path }} {{ args }}
# Put key value with root token
put-root path *args:
#!/bin/bash
set -euo pipefail
{{ _vault_root_env_setup }}
vault kv put -mount=secret {{ path }} {{ args }}
# Delete key value # Delete key value
delete path: delete path:
#!/bin/bash #!/bin/bash
@@ -273,13 +289,27 @@ delete path:
{{ _vault_oidc_env_setup }} {{ _vault_oidc_env_setup }}
vault kv delete -mount=secret {{ path }} vault kv delete -mount=secret {{ path }}
# Check if key exists (non-interactive if VAULT_ADDR and VAULT_TOKEN are set) # Delete key value with root token
delete-root path:
#!/bin/bash
set -euo pipefail
{{ _vault_root_env_setup }}
vault kv delete -mount=secret {{ path }}
# Check if key exists
exist path: exist path:
#!/bin/bash #!/bin/bash
set -euo pipefail set -euo pipefail
{{ _vault_oidc_env_setup }} {{ _vault_oidc_env_setup }}
vault kv get -mount=secret {{ path }} &>/dev/null vault kv get -mount=secret {{ path }} &>/dev/null
# Check if key exists with root token
exist-root path:
#!/bin/bash
set -euo pipefail
{{ _vault_root_env_setup }}
vault kv get -mount=secret {{ path }} &>/dev/null
# Check the environment # Check the environment
[private] [private]
check-env: check-env:
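Review bot: The new `get-root`, `put-root`, `delete-root` and `exist-root` recipes paste `{{ path }}`, `{{ field }}` and `{{ args }}` into the bash script unquoted, so a value containing spaces or shell metacharacters is re-parsed by the shell in a script that holds the root token; just substitutes the text before bash ever runs. For the single-value parameters, `{{ quote(path) }}` and `-field={{ quote(field) }}` keep each as one word, and `put-root` could receive its pairs through `[positional-arguments]` and `"${@:2}"` instead of `{{ args }}`. Separately, in the first hunk `if [ "${VAULT_DEBUG}" = "true" ]; then` will abort with an unbound-variable error under the recipes' `set -euo pipefail` when VAULT_DEBUG is unset, unless the justfile exports a default outside the visible lines; `${VAULT_DEBUG:-}` would match the `${VAULT_TOKEN:-}` test just above it. The `_vault_root_env_setup` definition continues past the end of that hunk, so the rest of the token handling is not visible here.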