Skip to content

Instantly share code, notes, and snippets.

@GuyBarros

GuyBarros/kmip_counter.sh

Created October 28, 2025 18:40
Show Gist options
  • Save GuyBarros/66fe1e7e049727e6437a360035345469 to your computer and use it in GitHub Desktop.
Save GuyBarros/66fe1e7e049727e6437a360035345469 to your computer and use it in GitHub Desktop.
Download ZIP
script to count KMIP certificates
Raw
kmip_counter.sh
export VAULT_ADDR=http://127.0.0.1:8200
export VAULT_TOKEN=
export VAULT_NAMESPACE=
export KMIP_PATH=kmip
# Iterate over the KMIP Secret Engine to get all Scopes
KMIP_SCOPES=$(curl -H "X-Vault-Token: ${VAULT_TOKEN}" -H "X-Vault-Request: true" "${VAULT_ADDR}/v1/${KMIP_PATH}/scope?list=true" | jq -r '.data.keys[]' )
# KMIP_SCOPES=$(curl -H "X-Vault-Token: ${VAULT_TOKEN}" -H "X-Vault-Request: true" -H "X-Vault-Namespace: ${VAULT_NAMESPACE}" "${VAULT_ADDR}/v1/${KMIP_PATH}/scope?list=true" | jq -r '.data.keys[]' )
# Iterate over the Scopes to get the Roles
for KMIP_SCOPE in $KMIP_SCOPES; do
KMIP_ROLES=$(curl -H "X-Vault-Token: ${VAULT_TOKEN}" -H "X-Vault-Request: true" "${VAULT_ADDR}/v1/${KMIP_PATH}/scope/$KMIP_SCOPE/role?list=true" | jq -r '.data.keys[]')
# KMIP_ROLES=$(curl -H "X-Vault-Token: ${VAULT_TOKEN}" -H "X-Vault-Request: true" -H "X-Vault-Namespace: ${VAULT_NAMESPACE}" "${VAULT_ADDR}/v1/${KMIP_PATH}/scope/$KMIP_SCOPE/role?list=true" | jq -r '.data.keys[]')
# Interate over roles to get all Certificates
for KMIP_ROLE in $KMIP_ROLES; do
KMIP_CERTIFICATES=$(curl -H "X-Vault-Request: true" -H "X-Vault-Token: ${VAULT_TOKEN}" "${VAULT_ADDR}/v1/${KMIP_PATH}/scope/$KMIP_SCOPE/role/$KMIP_ROLE/credential?list=true" | jq -r '.data.keys[]')
# KMIP_CERTIFICATES+=$(curl -H "X-Vault-Request: true" -H "X-Vault-Token: ${VAULT_TOKEN}" -H "X-Vault-Namespace: ${VAULT_NAMESPACE}" "${VAULT_ADDR}/v1/${KMIP_PATH}/scope/$KMIP_SCOPE/role/$KMIP_ROLE/credential?list=true" | jq '.data.keys[]')
#NOT WORKING
for serial_number in $KMIP_CERTIFICATES; do
echo "Processing serial number: $serial_number"
curl -H "X-Vault-Request: true" -H "X-Vault-Token: ${VAULT_TOKEN}" "${VAULT_ADDR}/v1/${KMIP_PATH}/scope/$KMIP_SCOPE/role/$KMIP_ROLE/credential/lookup?serial_number=${serial_number}" | jq -r .data.certificate > ${serial_number}.pem
done
#
certificates_array+=$KMIP_CERTIFICATES
certificates_array+=" "
done
done
#certificates_array=$KMIP_CERTIFICATES
certificate_count=${#certificates_array[@]}
echo "Number of KMIP certificates: $certificate_count"
openssl x509 -noout -text -in 269482119992531997805470604724873158599350606628.pem
PEM_DIR="."
# Iterate over each .pem file in the directory
for pem_file in "$PEM_DIR"/*.pem; do
# Check if there are any .pem files
if [ -e "$pem_file" ]; then
# Get the filename without the extension
base_filename=$(basename "$pem_file" .pem)
# Define the output text file name
output_file="${PEM_DIR}/${base_filename}.txt"
# Run openssl x509 command on the pem file and save the output to a text file
openssl x509 -noout -text -in "$pem_file" > "$output_file"
echo "Processed $pem_file -> $output_file"
else
echo "No .pem files found in the directory."
fi
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment