39 lines
713 B
Bash
39 lines
713 B
Bash
|
#!/bin/bash
|
||
|
|
||
|
vault_output="$1"
|
||
|
vault_regex=".*\.yml$"
|
||
|
vault_var_name="k8s_cluster_token"
|
||
|
token="$(openssl rand -hex 16)"
|
||
|
|
||
|
print_token() {
|
||
|
echo "$token"
|
||
|
}
|
||
|
|
||
|
print_yaml() {
|
||
|
printf -- "---\n$vault_var_name: %s\n" "$token"
|
||
|
}
|
||
|
|
||
|
encrypt_token() {
|
||
|
ansible-vault encrypt_string "$token" --name "$vault_var_name"
|
||
|
}
|
||
|
|
||
|
encrypt_yaml() {
|
||
|
print_yaml | ansible-vault encrypt
|
||
|
}
|
||
|
|
||
|
if [ -n "$vault_output" ]; then
|
||
|
if [[ $vault_output =~ $vault_regex ]]; then
|
||
|
if [ -f "$vault_output" ]; then
|
||
|
echo "output file already exists, no token generated"
|
||
|
exit 0
|
||
|
else
|
||
|
encrypt_yaml > "$vault_output"
|
||
|
fi
|
||
|
else
|
||
|
echo "supplied output file should end with .yml"
|
||
|
exit 1
|
||
|
fi
|
||
|
else
|
||
|
encrypt_token
|
||
|
fi
|