mirror of
https://git.lapiole.org/dani/ansible-roles.git
synced 2025-10-29 01:41:36 +01:00
21 lines
504 B
Plaintext
21 lines
504 B
Plaintext
|
#!/bin/sh
|
||
|
|
|
||
|
|
export VAULT_ADDR={{ vault_conf.api_addr }}
|
||
|
|
|
||
|
|
UNSEAL='{% if vault_unseal_keys | length > 0 %}{{ vault_unseal_keys | join(',') }}{% endif %}'
|
||
|
|
STATUS=$(vault status -format json)
|
||
|
|
|
||
|
|
if [ "$(echo ${STATUS} | jq -r .initialized)" != "true" ]; then
|
||
|
|
echo "Vault not initialized yet"
|
||
|
|
exit 0
|
||
|
|
fi
|
||
|
|
|
||
|
|
if [ "$(echo ${STATUS} | jq -r .sealed)" != "true" ]; then
|
||
|
|
echo "Vault not sealed, nothing to do"
|
||
|
|
exit 0
|
||
|
|
fi
|
||
|
|
|
||
|
|
for KEY in $(echo ${UNSEAL} | sed -E 's/,/\n/g'); do
|
||
|
|
vault operator unseal "${KEY}"
|
||
|
|
done
|