tech/sendico
2
0
Fork 0
Code Issues 34 Pull Requests Actions Packages Projects Releases Wiki Activity

[infra] vault + chsettle + aurora for dev

Browse Source
This commit is contained in:
Stephan D
2026-03-16 19:50:05 +01:00
parent 5b1aca86e7
commit 89edf33c2c
51 changed files with 1606 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
ci/vlt
View File

@@ -3,19 +3,23 @@
# Requires: curl, sed. Uses VAULT_ADDR, VAULT_ROLE_ID, VAULT_SECRET_ID from env.
set -euo pipefail
: "${VAULT_ADDR:?missing VAULT_ADDR}"
VLT_VAULT_ADDR="${CI_VAULT_ADDR:-${VAULT_ADDR:-}}"
VLT_VAULT_ROLE_ID="${CI_VAULT_ROLE_ID:-${VAULT_ROLE_ID:-}}"
VLT_VAULT_SECRET_ID="${CI_VAULT_SECRET_ID:-${VAULT_SECRET_ID:-}}"
: "${VLT_VAULT_ADDR:?missing VAULT_ADDR}"
VAULT_TOKEN_FILE="${VAULT_TOKEN_FILE:-.vault_token}"
log(){ printf '[vlt] %s\n' "$*" >&2; }
login() {
: "${VAULT_ROLE_ID:?missing VAULT_ROLE_ID}"
: "${VAULT_SECRET_ID:?missing VAULT_SECRET_ID}"
: "${VLT_VAULT_ROLE_ID:?missing VAULT_ROLE_ID}"
: "${VLT_VAULT_SECRET_ID:?missing VAULT_SECRET_ID}"
log "login approle"
resp="$(curl -sfS -X POST -H 'Content-Type: application/json' \
--connect-timeout 5 --max-time 20 \
-d "{\"role_id\":\"${VAULT_ROLE_ID}\",\"secret_id\":\"${VAULT_SECRET_ID}\"}" \
"${VAULT_ADDR%/}/v1/auth/approle/login")"
-d "{\"role_id\":\"${VLT_VAULT_ROLE_ID}\",\"secret_id\":\"${VLT_VAULT_SECRET_ID}\"}" \
"${VLT_VAULT_ADDR%/}/v1/auth/approle/login")"
token="$(printf '%s' "$resp" | sed -n 's/.*"client_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')"
[ -n "$token" ] || { echo "login failed" >&2; exit 1; }
printf '%s' "$token" > "$VAULT_TOKEN_FILE"
@@ -34,7 +38,7 @@ ensure_token() {
kv_get() {
mount="$1"; path="$2"; field="$3"
ensure_token
url="${VAULT_ADDR%/}/v1/${mount}/data/${path}"
url="${VLT_VAULT_ADDR%/}/v1/${mount}/data/${path}"
resp="$(curl -sfS --connect-timeout 5 --max-time 20 -H "X-Vault-Token: ${VAULT_TOKEN}" "$url")"
RESP="$resp" python3 - "$field" <<'PY'
import json, os, sys