run.sh
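#!/usr/bin/env sh
# Container bootstrap: installs envconsul, logs in to Vault through the
# AppRole endpoint with a role_id fetched from S3, writes an envconsul
# config and runs the given command under envconsul.
#
# Required packages: ca-certificates wget curl-dev py-pip jq
#
# Environment:
#   VAULT_ADDR          (required) base URL of the Vault server. The role_id
#                       and the returned token travel over whatever scheme
#                       this URL uses.
#   VAULT_PROJECT_NAME  (optional) project name; when empty it is derived
#                       from the task role ARN served by the container
#                       credentials endpoint.
#   AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
#                       read only when VAULT_PROJECT_NAME is empty.
#   ENVCONSUL_SHA256    (optional) expected SHA-256 of envconsul.zip; when
#                       set, the download is rejected on mismatch.
# Arguments: passed through unchanged to envconsul.
# Files:     writes ./config.hcl (contains the Vault token, mode 0600).

# Stop on the first failed step or unset variable, so a failed download or
# login cannot end in a half-written config.
set -eu

: "${VAULT_ADDR:?VAULT_ADDR must be set}"

# Get envconsul. (The original command line carried a stray second "wget"
# argument, which wget treated as an extra URL to fetch.)
wget -O envconsul.zip https://releases.hashicorp.com/envconsul/0.6.2/envconsul_0.6.2_linux_amd64.zip

# The binary ends up in /usr/bin and later holds a Vault token, so check the
# archive against a pinned digest when one is supplied.
if [ -n "${ENVCONSUL_SHA256:-}" ]; then
  actual_sha256=$(sha256sum envconsul.zip | cut -d ' ' -f1)
  if [ "$actual_sha256" != "$ENVCONSUL_SHA256" ]; then
    echo "envconsul.zip checksum mismatch" >&2
    exit 1
  fi
else
  echo "warning: ENVCONSUL_SHA256 not set; envconsul.zip was not integrity-checked" >&2
fi

# -o: overwrite a leftover ./envconsul instead of prompting.
unzip -o envconsul.zip
mv envconsul /usr/bin/

# Get IAM task role ARN from metadata, extract name of ARN, replace
# '-task-role' if found.
if [ -z "${VAULT_PROJECT_NAME:-}" ]; then
  : "${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI:?not set; cannot derive VAULT_PROJECT_NAME}"
  # jq -e exits non-zero on empty input or a missing RoleArn, which also
  # catches a failed curl on the left side of the pipe.
  role_arn=$(curl -fsS "169.254.170.2${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI}" | jq -er '.RoleArn')
  VAULT_PROJECT_NAME=$(printf '%s\n' "$role_arn" | cut -d / -f2 | sed 's/-task-role//g')
fi

# The name is interpolated into an S3 key and into the HCL config below;
# refuse anything outside IAM role-name characters and '/'.
case "$VAULT_PROJECT_NAME" in
  '' | *[!A-Za-z0-9+=,.@_/-]*)
    echo "invalid VAULT_PROJECT_NAME" >&2
    exit 1
    ;;
esac

# Get app role/secret.
# NOTE(review): unpinned install from the package index at container start;
# consider baking a pinned awscli into the image instead.
pip install awscli

# Everything written from here on is credential material: keep it
# owner-only, and make sure credentials.json is removed on a failure path.
umask 077
trap 'rm -f credentials.json' EXIT

echo "downloading s3://pre-vault/$VAULT_PROJECT_NAME/credentials.json"
aws s3 cp "s3://pre-vault/$VAULT_PROJECT_NAME/credentials.json" .

# ROLE_ID keeps jq's JSON quoting so it can be embedded in the login body
# as-is; -e fails when the field is missing or null.
ROLE_ID=$(jq -e '.role_id' credentials.json)
rm -f credentials.json
trap - EXIT

# Get vault token using role_id. The login below sends only role_id, so it
# is the sole credential: it is not echoed, and the body goes to curl on
# stdin rather than on the command line where `ps` would show it.
CLIENT_TOKEN=$(printf '{"role_id":%s}' "$ROLE_ID" \
  | curl -fsS -X POST --data @- "$VAULT_ADDR/v1/auth/approle/login" \
  | jq -e '.auth.client_token')

# Create the file owner-only even if an older, wider-mode copy exists.
: > config.hcl
chmod 600 config.hcl

# CLIENT_TOKEN still carries jq's JSON quotes, which serve as the string
# quotes in the config.
cat > config.hcl <<EOF
vault{
address = "$VAULT_ADDR"
renew = true
token = $CLIENT_TOKEN
}
secret{
format = "{{ key }}"
no_prefix = true
path = "secret/$VAULT_PROJECT_NAME"
}

EOF

# NOTE(review): debug log level is kept from the original; confirm it does
# not write secret values into the container log.
envconsul -config="./config.hcl" -log-level debug "$@"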