khuedoan-homelab/platform/vault/files/generate-secrets/main.go

package main

// TODO WIP clean up

// TODO ACL policy
// path "secret/*" {
//   capabilities = [
//     "create",
//     "list"
//   ]
// }

import (
	"fmt"
	"log"
	"os"

	vault "github.com/hashicorp/vault/api"
	"github.com/sethvargo/go-password/password"
	"gopkg.in/yaml.v2"
)

type RandomPassword struct {
	Path string
	Data []struct {
		Key     string
		Length  int
		Special bool
	}
}

func main() {
	data, err := os.ReadFile("./config.yaml")

	if err != nil {
		log.Fatalf("unable to read config file: %v", err)
	}

	randomPasswords := []RandomPassword{}

	err = yaml.Unmarshal([]byte(data), &randomPasswords)
	if err != nil {
		log.Fatalf("error: %v", err)
	}
	config := vault.DefaultConfig()

	client, err := vault.NewClient(config)
	if err != nil {
		log.Fatalf("unable to initialize Vault client: %v", err)
	}

	for _, randomPassword := range randomPasswords {
		path := fmt.Sprintf("/secret/data/%s", randomPassword.Path)

		secret, _ := client.Logical().Read(path)

		if secret == nil {
			secretData := map[string]interface{}{
				"data": map[string]interface{}{},
			}

			for _, randomKey := range randomPassword.Data {
				res, err := password.Generate(32, 3, 3, false, true)
				if err != nil {
					log.Fatal(err)
				}

				secretData["data"].(map[string]interface{})[randomKey.Key] = res
			}

			_, err = client.Logical().Write(path, secretData)

			if err != nil {
				log.Fatalf("Unable to write secret: %v", err)
			} else {
				log.Println("Secret written successfully.")
			}
		} else {
			log.Println("Key abc in secret already existed.")
		}
	}
}
feat(vault): initial random secret generation 2022-02-26 21:48:03 +07:00			`package main`

refactor(vault): use address and token from env vars 2022-03-10 00:32:48 +07:00			`// TODO WIP clean up`
feat(vault): create random secret if not exists (WIP) 2022-03-01 02:18:45 +07:00
			`// TODO ACL policy`
			`// path "secret/*" {`
			`// capabilities = [`
			`// "create",`
			`// "list"`
			`// ]`
			`// }`

feat(vault): initial random secret generation 2022-02-26 21:48:03 +07:00			`import (`
feat(vault): generate secrets from yaml input 2022-03-03 02:37:11 +07:00			`"fmt"`
feat(vault): initial random secret generation 2022-02-26 21:48:03 +07:00			`"log"`
feat(vault): read random secrets config from file instead 2022-03-09 01:05:51 +07:00			`"os"`
feat(vault): initial random secret generation 2022-02-26 21:48:03 +07:00
			`vault "github.com/hashicorp/vault/api"`
feat(vault): create random secret if not exists (WIP) 2022-03-01 02:18:45 +07:00			`"github.com/sethvargo/go-password/password"`
feat(vault): generate secrets from yaml input 2022-03-03 02:37:11 +07:00			`"gopkg.in/yaml.v2"`
feat(vault): initial random secret generation 2022-02-26 21:48:03 +07:00			`)`

feat(vault): generate secrets from yaml input 2022-03-03 02:37:11 +07:00			`type RandomPassword struct {`
refactor(vault): change random secret config structure 2022-03-09 01:00:24 +07:00			`Path string`
			`Data []struct {`
			`Key string`
			`Length int`
			`Special bool`
			`}`
feat(vault): generate secrets from yaml input 2022-03-03 02:37:11 +07:00			`}`

feat(vault): initial random secret generation 2022-02-26 21:48:03 +07:00			`func main() {`
feat(vault): read random secrets config from file instead 2022-03-09 01:05:51 +07:00			`data, err := os.ReadFile("./config.yaml")`

			`if err != nil {`
			`log.Fatalf("unable to read config file: %v", err)`
			`}`

feat(vault): generate secrets from yaml input 2022-03-03 02:37:11 +07:00			`randomPasswords := []RandomPassword{}`

feat(vault): read random secrets config from file instead 2022-03-09 01:05:51 +07:00			`err = yaml.Unmarshal([]byte(data), &randomPasswords)`
feat(vault): generate secrets from yaml input 2022-03-03 02:37:11 +07:00			`if err != nil {`
			`log.Fatalf("error: %v", err)`
			`}`
feat(vault): initial random secret generation 2022-02-26 21:48:03 +07:00			`config := vault.DefaultConfig()`

			`client, err := vault.NewClient(config)`
			`if err != nil {`
			`log.Fatalf("unable to initialize Vault client: %v", err)`
			`}`

feat(vault): generate secrets from yaml input 2022-03-03 02:37:11 +07:00			`for _, randomPassword := range randomPasswords {`
			`path := fmt.Sprintf("/secret/data/%s", randomPassword.Path)`
feat(vault): initial random secret generation 2022-02-26 21:48:03 +07:00
feat(vault): generate secrets from yaml input 2022-03-03 02:37:11 +07:00			`secret, _ := client.Logical().Read(path)`
feat(vault): create random secret if not exists (WIP) 2022-03-01 02:18:45 +07:00
feat(vault): generate secrets from yaml input 2022-03-03 02:37:11 +07:00			`if secret == nil {`
refactor(vault): change random secret config structure 2022-03-09 01:00:24 +07:00			`secretData := map[string]interface{}{`
			`"data": map[string]interface{}{},`
feat(vault): generate secrets from yaml input 2022-03-03 02:37:11 +07:00			`}`
feat(vault): create random secret if not exists (WIP) 2022-03-01 02:18:45 +07:00
refactor(vault): change random secret config structure 2022-03-09 01:00:24 +07:00			`for _, randomKey := range randomPassword.Data {`
			`res, err := password.Generate(32, 3, 3, false, true)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`secretData["data"].(map[string]interface{})[randomKey.Key] = res`
feat(vault): generate secrets from yaml input 2022-03-03 02:37:11 +07:00			`}`
feat(vault): create random secret if not exists (WIP) 2022-03-01 02:18:45 +07:00
feat(vault): generate secrets from yaml input 2022-03-03 02:37:11 +07:00			`_, err = client.Logical().Write(path, secretData)`
refactor(vault): change random secret config structure 2022-03-09 01:00:24 +07:00
feat(vault): generate secrets from yaml input 2022-03-03 02:37:11 +07:00			`if err != nil {`
			`log.Fatalf("Unable to write secret: %v", err)`
			`} else {`
			`log.Println("Secret written successfully.")`
			`}`
feat(vault): create random secret if not exists (WIP) 2022-03-01 02:18:45 +07:00			`} else {`
feat(vault): generate secrets from yaml input 2022-03-03 02:37:11 +07:00			`log.Println("Key abc in secret already existed.")`
feat(vault): create random secret if not exists (WIP) 2022-03-01 02:18:45 +07:00			`}`
feat(vault): initial random secret generation 2022-02-26 21:48:03 +07:00			`}`
			`}`