#!/usr/bin/env ruby
require 'optparse'
require 'vault'
require 'yaml'
require 'base64'
# Settings collected from the command line. A key is present only when the
# corresponding switch was given.
options = {}
optparse = OptionParser.new do |opts|
  opts.banner = "Usage: vault2secret.rb [options]"

  # Where to read from and where to write to.
  opts.on('-k', '--key-value KEYVALUEPATH', 'Vault secret path') { |path| options[:kv] = path }
  opts.on('-f', '--file FILE', 'Ouput file') { |path| options[:file] = path }

  # Vault connection details.
  # NOTE(review): a token passed as an argument is part of this process's
  # command line, which other local users can usually read and which may be
  # kept in shell history.
  opts.on('-v', '--vault VAULTURL', 'Vault URL') { |url| options[:vault] = url }
  opts.on('-u', '--vault-token VAULTTOKEN', 'Vault token') { |token| options[:vault_token] = token }

  # Identity of the generated Kubernetes Secret.
  opts.on('-n', '--name NAME', 'Secret name') { |name| options[:name] = name }
  opts.on('-m', '--namespace NAMESPACE', 'Secret namespace') { |ns| options[:namespace] = ns }

  # Flag without an argument: values are emitted as-is instead of being encoded.
  opts.on('-b', '--base64', 'Vault values are Base64 encoded') { options[:base64] = true }
end

# Parse ARGV in place; recognised switches are removed from it.
optparse.parse!
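# Resolve the Vault address and token from the environment BEFORE validating.
# Previously the check below demanded --vault and --vault-token, so the
# VAULT_ADDR / VAULT_TOKEN fallback could never be reached and the token had
# to be given as an argument, where it shows up in the process list and in
# shell history. An explicit switch still takes precedence.
options[:vault] ||= ENV["VAULT_ADDR"]
options[:vault_token] ||= ENV["VAULT_TOKEN"]

# Every one of these must be present and non-empty; an empty name, namespace
# or path would only produce an unusable manifest or a failed read later on.
required_keys = %i[vault vault_token kv namespace name]
if required_keys.any? { |key| options[key].to_s.empty? }
  puts "Missing one of required options"
  abort(optparse.help)
end

# Hand the resolved connection details to the Vault client.
Vault.configure do |config|
  config.address = options[:vault]
  config.token = options[:vault_token]
end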
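# Read the secret and fail with a clear message instead of a NoMethodError
# when nothing comes back (the client may return nil for a missing path).
vault_keys = Vault.logical.read(options[:kv])
abort("No secret found at Vault path #{options[:kv]}") if vault_keys.nil?

# The script reads the key/value pairs from a nested :data entry.
# NOTE(review): this looks like the KV v2 response layout; a path that
# returns a flat map has no such entry -- confirm against the mount in use.
secret_values = vault_keys.data[:data]
unless secret_values.respond_to?(:each)
  abort("Vault path #{options[:kv]} returned no key/value data")
end

# Skeleton of a Kubernetes Opaque Secret manifest; 'data' is filled in below.
output = {
  'apiVersion' => 'v1',
  'kind' => 'Secret',
  'type' => 'Opaque',
  'metadata' => {
    'name' => options[:name],
    'namespace' => options[:namespace]
  },
  'data' => {}
}

# With --base64 the stored values are copied through unchanged (they are not
# checked for being valid Base64 here); otherwise each value is encoded.
secret_values.each do |key, value|
  output['data'][key.to_s] = options[:base64] ? value : Base64.strict_encode64(value)
end

manifest = output.to_yaml
if options[:file].nil?
  puts manifest
else
  # The manifest carries the secret values (Base64 is an encoding, not
  # encryption), so the file must not inherit a world-readable default mode.
  # The mode argument only applies when the file is created; chmod also
  # tightens a file that already existed.
  File.open(options[:file], File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |file|
    file.chmod(0o600)
    file.write(manifest)
  end
end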