khuedoan-homelab/platform/vault/files/generate-secrets/main.go

83 lines
1.5 KiB
Go

package main
// TODO WIP clean up
// TODO ACL policy
// path "secret/*" {
// capabilities = [
// "create",
// "list"
// ]
// }
import (
"fmt"
"log"
"os"
vault "github.com/hashicorp/vault/api"
"github.com/sethvargo/go-password/password"
"gopkg.in/yaml.v2"
)
type RandomPassword struct {
Path string
Data []struct {
Key string
Length int
Special bool
}
}
func main() {
data, err := os.ReadFile("./config.yaml")
if err != nil {
log.Fatalf("unable to read config file: %v", err)
}
randomPasswords := []RandomPassword{}
err = yaml.Unmarshal([]byte(data), &randomPasswords)
if err != nil {
log.Fatalf("error: %v", err)
}
config := vault.DefaultConfig()
client, err := vault.NewClient(config)
if err != nil {
log.Fatalf("unable to initialize Vault client: %v", err)
}
for _, randomPassword := range randomPasswords {
path := fmt.Sprintf("/secret/data/%s", randomPassword.Path)
secret, _ := client.Logical().Read(path)
if secret == nil {
secretData := map[string]interface{}{
"data": map[string]interface{}{},
}
for _, randomKey := range randomPassword.Data {
res, err := password.Generate(32, 3, 3, false, true)
if err != nil {
log.Fatal(err)
}
secretData["data"].(map[string]interface{})[randomKey.Key] = res
}
_, err = client.Logical().Write(path, secretData)
if err != nil {
log.Fatalf("Unable to write secret: %v", err)
} else {
log.Println("Secret written successfully.")
}
} else {
log.Println("Key abc in secret already existed.")
}
}
}