diff --git a/vault/justfile b/vault/justfile index 574d33c..ffe73b6 100644 --- a/vault/justfile +++ b/vault/justfile @@ -33,7 +33,6 @@ _vault_root_env_setup := ''' fi export VAULT_TOKEN ''' - [private] _vault_oidc_env_setup := ''' if [ -z "${VAULT_TOKEN:-}" ]; then @@ -112,6 +111,13 @@ install: check-env just setup-kubernetes-auth "${root_token}" just create-secrets-engine {{ SECRET_PATH }} "${root_token}" + just create-admin-policy "${root_token}" + + echo "Installing External Secrets Operator is recommended to manage secrets in Kubernetes." + echo "It can fetch secrets from Vault and sync them to Kubernetes Secret resources." + if gum confirm "Install External Secrets Operator?"; then + just external-secrets::install + fi # Uninstall Vault uninstall delete-ns='false': @@ -124,10 +130,17 @@ uninstall delete-ns='false': create-admin-token root_token='': check-env #!/bin/bash set -euo pipefail - export VAULT_TOKEN="{{ root_token }}" - while [ -z "${VAULT_TOKEN}" ]; do - VAULT_TOKEN=$(gum input --prompt="Vault root token: " --password --width=100) - done + {{ _vault_root_env_setup }} + # Create admin policy first + just create-admin-policy "${VAULT_TOKEN}" + # Create token with admin policy + vault token create -policy=admin + +# Create admin policy for Vault +create-admin-policy root_token='': + #!/bin/bash + set -euo pipefail + {{ _vault_root_env_setup }} vault policy write admin - </dev/null # Check if key exists with root token +[no-exit-message] exist-root path: #!/bin/bash set -euo pipefail
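Review bot: The `gum confirm "Install External Secrets Operator?"` added to `install` makes the recipe interactive; when stdin is not a terminal (CI, a wrapper script) the prompt presumably fails, and because it sits in an `if` the operator install is then skipped silently with no message. A recipe parameter checked before the prompt would keep the current default while making unattended runs explicit, e.g. `if [ "{{ install_eso }}" = "yes" ] || { [ "{{ install_eso }}" = "ask" ] && gum confirm "Install External Secrets Operator?"; }; then`, with `install_eso='ask'` added to the recipe header. The `install` recipe header is outside this hunk, so the exact signature change cannot be confirmed from here.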
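Review bot: `create-admin-policy` still feeds `vault policy write admin -` from `/dev/null`, so the `admin` policy it writes has an empty body and the token minted right after it with `vault token create -policy=admin` carries nothing beyond the default policy, which contradicts the comment `# Create token with admin policy`. The policy body should come from a versioned file with only the capabilities the admin role actually needs, e.g. `vault policy write admin <PATH_TO_ADMIN_POLICY_HCL>` (placeholder path). The new recipe also omits the `check-env` prerequisite that `create-admin-token root_token='': check-env` declares, so invoking it directly skips whatever validation `check-env` performs; `create-admin-policy root_token='': check-env` would keep the two consistent. Consider bounding the minted token with `-ttl`/`-explicit-max-ttl` so a root-derived admin token does not live indefinitely, and since `{{ _vault_root_env_setup }}` already exports `VAULT_TOKEN`, the inner `just create-admin-policy "${VAULT_TOKEN}"` could presumably rely on the inherited environment instead of passing the token as a command-line argument visible in process listings — assuming the root setup snippet checks the environment first as `_vault_oidc_env_setup` in the first hunk does.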