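#!/bin/bash
#
# Utility to unseal Vault lab and test environments.
# Got questions? slack: #delivery-engineering
#
# How to use:
# Provide a list of the Vault IP addresses you want to unseal
# and a file `.unseal_key` with a single line containing the
# unseal key
#
# $ ./unseal.sh 35.243.150.33 34.74.214.198 35.227.82.89
#
# - To get the list of IPs you can use the GCP web console or try this command
# $ echo vault-test | xargs -IF gcloud compute instances list --filter="status=running and name ~ F" --format="json" | jq -r '.[] | "\(.name) - \(.networkInterfaces[0].accessConfigs[0].natIP)"'
#
# TLS:
# If both VAULT_CACERT and VAULT_TLS_SERVER_NAME are set in the environment,
# the server certificate is verified against them. Otherwise the script falls
# back to VAULT_SKIP_VERIFY=true, so the unseal key is sent to a peer whose
# identity has not been checked. Keep that fallback to lab and test
# environments only.
#
set -euo pipefail

readonly KEY_FILE=".unseal_key"

# Without this guard a run with no addresses would unseal nothing and still
# delete the key file at the end of the script.
if (( $# == 0 )); then
  printf 'Usage: %s VAULT_IP [VAULT_IP...]\n' "${0##*/}" >&2
  exit 2
fi

if [[ ! -r "$KEY_FILE" ]]; then
  printf 'error: cannot read %s in the current directory\n' "$KEY_FILE" >&2
  exit 1
fi

# The key file is documented as a single line: read exactly that line instead
# of the whole file, so stray extra lines never become extra arguments.
unseal_key=""
IFS= read -r unseal_key < "$KEY_FILE" || true
if [[ -z "$unseal_key" ]]; then
  printf 'error: %s is empty\n' "$KEY_FILE" >&2
  exit 1
fi

# Prefer certificate verification when the caller supplied the material for it.
if [[ -n "${VAULT_CACERT:-}" && -n "${VAULT_TLS_SERVER_NAME:-}" ]]; then
  unset VAULT_SKIP_VERIFY
else
  printf 'warning: VAULT_CACERT/VAULT_TLS_SERVER_NAME not set; TLS verification is disabled\n' >&2
  export VAULT_SKIP_VERIFY=true
fi

for ip in "$@"; do
  export VAULT_ADDR="https://${ip}"
  # NOTE(review): the key is passed as a command-line argument, so it is
  # visible in the process list of this host while vault runs. Run this only
  # from a single-user or otherwise trusted machine.
  vault operator unseal "$unseal_key"
done

unset VAULT_SKIP_VERIFY
unset VAULT_ADDR

# Reached only when every unseal call succeeded (set -e aborts earlier), so a
# failed run leaves the key file in place for a retry.
# rm only unlinks the file; it does not overwrite the key material on disk.
echo "Removing the .unseal_key file"
rm -- "$KEY_FILE"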