harald/vault-hier
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
vault-hier/test_local.sh
Harald Hoyer 07cf031bbb Initial commit: Vault Hierarchical Initializer 
This commit adds the full implementation of vault-hier, a Rust utility for:
- Initializing HashiCorp Vault in production mode (non-dev)
- Handling Vault seal/unseal operations with key thresholds
- Using Docker Compose for containerized operation
- Supporting persistent storage via Docker volumes

Key components:
- Rust application for Vault interaction
- Docker and Docker Compose configuration
- Test scripts for local development
- Nix flake for development dependencies

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-03-20 12:49:44 +01:00

118 lines
3.1 KiB
Bash
Executable file
Raw Blame History

#!/bin/bash
set -e
# Detect OS and handle accordingly
if [[ "$OSTYPE" == "darwin"* ]]; then
# macOS
export VAULT_ADDR="http://127.0.0.1:8200"
VAULT_PID_FILE="/tmp/vault.pid"
elif [[ "$OSTYPE" == "linux-gnu"* ]]; then
# Linux
export VAULT_ADDR="http://127.0.0.1:8200"
VAULT_PID_FILE="/tmp/vault.pid"
else
# Windows or other
export VAULT_ADDR="http://127.0.0.1:8200"
VAULT_PID_FILE="./vault.pid"
fi
# Check if Vault is installed
if ! command -v vault &> /dev/null; then
echo "Vault is not installed. Please install it first."
exit 1
fi
# Check if there's already a Vault process running
if [ -f "$VAULT_PID_FILE" ]; then
VAULT_PID=$(cat "$VAULT_PID_FILE")
if ps -p $VAULT_PID > /dev/null; then
echo "Vault is already running with PID $VAULT_PID"
echo "Stopping the existing Vault server..."
kill -9 $VAULT_PID
rm "$VAULT_PID_FILE"
# Wait for the port to be released
sleep 2
else
echo "Vault PID file exists but the process is not running. Removing stale PID file."
rm "$VAULT_PID_FILE"
fi
fi
echo "Starting Vault server in non-dev mode..."
# Create temporary config file
mkdir -p /tmp/vault-test/data /tmp/vault-test/config
cat > /tmp/vault-test/config/vault.hcl << EOF
storage "file" {
path = "/tmp/vault-test/data"
}
listener "tcp" {
address = "127.0.0.1:8200"
tls_disable = "true"
}
disable_mlock = true
ui = true
EOF
vault server -config=/tmp/vault-test/config/vault.hcl > ./vault_server.log 2>&1 &
VAULT_PID=$!
echo $VAULT_PID > "$VAULT_PID_FILE"
echo "Vault server started with PID $VAULT_PID"
echo "Vault server is running at $VAULT_ADDR"
# Wait for Vault to start
echo "Waiting for Vault to start..."
sleep 5
# Check if Vault is up and running
for i in {1..10}; do
if curl -fs -m 1 http://127.0.0.1:8200/v1/sys/health?standbyok=true\&sealedok=true\&uninitok=true > /dev/null 2>&1; then
echo "Vault is up and running!"
break
fi
if [ $i -eq 10 ]; then
echo "Timed out waiting for Vault to become available"
exit 1
fi
echo "Vault is unavailable - sleeping (attempt $i/10)"
sleep 2
done
# Build and run the Rust application
echo "Building and running the Rust application..."
cargo build && cargo run
# Check if the credentials file was created
if [ -f "vault-credentials.txt" ]; then
echo "Test successful! Credentials were saved to vault-credentials.txt"
# Extract the unseal keys for demonstration
UNSEAL_KEYS=$(grep "Key" vault-credentials.txt | head -n 3 | awk '{print $3}')
ROOT_TOKEN=$(grep "Root Token" vault-credentials.txt | awk '{print $3}')
echo "Root Token: $ROOT_TOKEN"
echo "First 3 Unseal Keys (needed for threshold):"
echo "$UNSEAL_KEYS"
# Clean up temporary files
rm -f vault-credentials.txt
else
echo "Test failed! Credentials file was not created."
exit 1
fi
echo -e "\nTest complete! Cleaning up..."
# Stop Vault server
kill -9 $VAULT_PID
rm "$VAULT_PID_FILE"
# Clean up test environment
rm -rf /tmp/vault-test
rm -f ./vault_server.log
echo "All cleaned up. Test successful!"
Reference in a new issue View git blame Copy permalink