Get Key Vault secret

ketkvsecret.sh

#!/bin/sh

# [email protected]

# Gets a secret from Azure key vault.
# See usage()

COMMANDS="az basename"

for COMMAND in $COMMANDS; do
  if [ ! $(command -v $COMMAND) ]; then
    fail "Could not find '$COMMAND' command. Is it installed?"
  fi
done

unset COMMANDS

BASENAME=$(basename $0)

usage()
{
  echo "Usage: $BASENAME [-k kayvaultshortname ] [ -s secretname ]"
  echo
  echo "Requirements:"
  echo " - az cli, logged in to the subscription containing the Key Vault"
  echo " - name of the keyvault - use KEYVAULT variable, or -k parameter"
  echo " - name of the secret - use SECRET variable, basename of the script (see below), or -s parameter"
  echo
  echo "For easy access to often used secrets:"
  echo
  echo " 1. Set a KEYVAULT environment variable in your shell (.bashrc/.zshrc)"
  echo " 2. Symlink the secret name to the script file:"
  echo "    e.g. ln -s getkvsecret arm-subscription-id"
  echo " 3. When you run ./arm-subscription-id, you will get that secret value returned to stdout"
  exit 2
}

set_variable()
{
  local varname=$1
  shift
  if [ -z "${!varname}" ]; then
    eval "$varname=\"$@\""
  else
    echo "Error: $varname already set"
    usage
  fi
}

while getopts 'k:s:?h' o
do
  case $o in
    k) set_variable KEYVAULT $OPTARG ;;
    s) set_variable SECRET $OPTARG ;;
    h|?) usage ;;
  esac
done

if [ -z "$SECRET" ]; then
  SECRET=$BASENAME
fi

if [ "$SECRET" == "getkvsecret" ]; then
  usage
fi

az keyvault secret show --vault-name $KEYVAULT --name $SECRET --query value --output tsv