Merge pull request #31 from uwblueprint/kenzy/use-hcp-in-pushsecrets

Update push_secrets.sh to use hcp instead of vlt
uwblueprint · Sep 30, 2024 · 4b7ab20 · 4b7ab20
2 parents 2d806ff + b933701
commit 4b7ab20
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -58,12 +58,22 @@ Use the arrow keys to navigate: ↓ ↑ → ←
   ▸ sistema
 ```
 
+### Copying secrets from the vault to local
+
 - Copy secrets to a `.env` file
 
 ```bash
 ./setup_secrets.sh
 ```
 
+### Sending all local secrets to the vault (warning: this overwrites all secrets)
+
+- Push secrets from `.env` file to HashiCorp Vault
+
+```bash
+./push_secrets.sh
+```
+
 ## Version Control Guide
 
 ### Branching

diff --git a/push_secrets.sh b/push_secrets.sh
@@ -5,13 +5,13 @@ ENV_FILE=".env"
 
 # Login to Vault
 echo "Logging into Vault..."
-vlt login
+hcp auth login
 if [ $? -ne 0 ]; then
 echo "Failed to login to Vault. Please check your credentials."
 exit 1
 fi
 
-vlt config init
+hcp profile init
 
 # Check if .env file exists and exit if it doesn't
 if [ ! -f "$ENV_FILE" ]; then
@@ -21,19 +21,19 @@ fi
 
 # Fetch all existing secret keys and delete them
 echo "Fetching and deleting all existing secrets..."
-SECRET_KEYS=$(vlt secrets list -format=json | grep -Eo '"([^"]*)"\s*:\s*"([^"]*)"' | sed -E 's/^"([^"]*)"\s*:\s*"([^"]*)"$/\1=\2/' | grep "^name=" | grep -v "@" | sed 's/^name=//')
+SECRET_KEYS=$(hcp vault-secrets secrets list --format=json --app=sistema | grep -Eo '"([^"]*)"\s*:\s*"([^"]*)"' | sed -E 's/^"([^"]*)"\s*:\s*"([^"]*)"$/\1=\2/' | grep '^\(name=\|"name":\)'| grep -v "@" | sed 's/^"name": "\(.*\)"$/\1/; s/^name=\(.*\)$/\1/')
 
 for secret_key in $SECRET_KEYS; do
     echo "Deleting secret with name $secret_key"
-    vlt secrets delete "$secret_key" || echo "Failed to delete secret $secret_key."
+    hcp vault-secrets secrets delete "$secret_key" --app=sistema || echo "Failed to delete secret $secret_key."
     echo ""
 done
 
 # Read the secrets from the .env file and create them
 while IFS='=' read -r key value; do
     if [ -n "$key" ] && [ -n "$value" ]; then
         # Create the secret with the new value
-        vlt secrets create "$key"="$value" || echo "Failed to create secret for $key."
+        echo -n "$value" | hcp vault-secrets secrets create "$key" --app=sistema --data-file=- || echo "Failed to create secret for $key."
         echo ""
     fi
 done < "$ENV_FILE"