Created April 12, 2018 17:43
Rotate a local Linux password, store the new password in HashiCorp Vault
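#!/bin/sh
# Script for rotating passwords on the local machine.
# Make sure to store VAULT_TOKEN as an environment variable before running this.
# Arguments: USERNAME PASSLENGTH VAULTURL
USERNAME=$1   # read but not used below: the script always rotates root
PASSLENGTH=$2 # number of random bytes; the base64-encoded password is longer
VAULTURL=$3
# Strip newlines, because openssl wraps long base64 output across lines
NEWPASS=$(openssl rand -base64 "$PASSLENGTH" | tr -d '\n')
# Stop if no password was generated
[ -n "$NEWPASS" ] || exit 1
JSON="{ \"data\": { \"root\": \"$NEWPASS\" } }"
# First commit the new password to vault. The body is sent on stdin so the
# password stays out of the process list, and the script stops if the write
# fails so root is never set to a password that Vault does not hold.
printf '%s' "$JSON" | curl --fail -H "X-Vault-Token: $VAULT_TOKEN" -X POST --data @- "$VAULTURL/v1/secret/data/linux/$(hostname)_rootpw" || exit 1
# Then set it on the local machine (passwd --stdin is not available on all distributions)
printf '%s\n' "$NEWPASS" | passwd root --stdin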