Add pivault_unseal
pivault_unseal automates the unsealing process for pivault. Since the primary vault is unsealed by pivault, this is the only unseal script we should need.
32
scripts/pivault_unseal.py
Executable file
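--- a/scripts/pivault_unseal.py
+++ b/scripts/pivault_unseal.py
@@ -0,0 +1,32 @@
+#!/usr/bin/python3
+
+import json
+import os
+import subprocess
+import threading
+
+vaults = ["vault-0"]
+
+home = os.getenv("HOME")
+with open(os.path.join(home, ".vault-keys/pivault-cluster-keys.json")) as f:
+vault_secrets = json.load(f)
+
+procs = []
+
+for vault in vaults:
+procs += [
+threading.Thread(
+target = subprocess.run,
+args = (
+["kubectl", "--context", "pikube.dnet-admin-pivault",
+"exec", "-ti", vault, "--",
+"vault", "operator", "unseal",
+vault_secrets.get("unseal_keys_b64")[key]],))
+for key in range(int(vault_secrets.get("unseal_threshold")))
+]
+
+for thread in procs:
+thread.start()
+
+for thread in procs:
+thread.join()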
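Review bot: Each unseal key is passed as the final argv element of the `kubectl ... exec ... vault operator unseal <key>` command, so it is readable from the process list on the workstation and inside the pod, and the exec command line may also end up in Kubernetes API audit logs. Consider dropping the key from the argument list and supplying it on stdin, e.g. `"exec", "-i", vault, "--", "vault", "operator", "unseal"` with `kwargs={"input": key_b64, "text": True}` on the thread; this relies on `vault operator unseal` accepting the key from a non-TTY stdin, which should be confirmed for the deployed version. The return code of `subprocess.run` is never inspected, so a failed unseal goes unnoticed, and several threads sharing `-t` can interleave their terminal output. The script also loads every key up to `unseal_threshold` from one plaintext file under `~/.vault-keys/`, and `os.getenv("HOME")` can return `None`; a check that the file is owned by the caller with mode 0600 before `json.load` would be a cheap guard.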