
#!/usr/bin/env bash
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -e
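#######################################
# Print an error message to stderr and abort the script.
# Arguments: $1 - message to print
# Outputs:   message plus newline on stderr
# Returns:   never returns; exits the shell with status 1
#######################################
fail() {
  local msg=$1
  # printf instead of echo: echo would swallow or reinterpret a message that
  # happens to look like an option (-n, -e) or contain backslashes.
  printf '%s\n' "${msg}" >&2
  exit 1
}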
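# Required inputs. Checked with -z (not set -u) so the caller gets a named
# message rather than a bare "unbound variable" error.
[[ -z "${SERVER_CA}" ]] && fail "SERVER_CA env variable has not been set"
[[ -z "${CLIENT_CA}" ]] && fail "CLIENT_CA env variable has not been set"
[[ -z "${VAULT_ADDR}" ]] && fail "VAULT_ADDR env variable has not been set"
[[ -z "${KMIP_PORT}" ]] && fail "KMIP_PORT env variable has not been set"
cd ~ || fail "Failed to change directory to home"
# Fixed path on purpose: the same path is passed to mysqld inside the
# container below, so it has to be stable (presumably bind-mounted into the
# container — verify against the container setup).
TEMP_DIR=/tmp/kmip_temp
mkdir -p "${TEMP_DIR}" || fail "Failed to create temporary directory"
# The path is predictable inside the shared /tmp, and mkdir -p succeeds
# silently on a pre-existing directory or symlink owned by someone else.
# Refuse to write a private key into anything but a real directory we own.
[[ ! -L "${TEMP_DIR}" && -d "${TEMP_DIR}" && -O "${TEMP_DIR}" ]] \
  || fail "${TEMP_DIR} exists but is not a directory owned by the current user"
# printf rather than echo so a PEM body is written verbatim regardless of
# shell echo options. Files inherit the process umask; the key's mode must
# stay readable by the user mysqld runs as inside the container — TODO
# confirm that before tightening permissions here.
printf '%s\n' "${SERVER_CA}" > "${TEMP_DIR}/vault-ca.pem"
printf '%s\n' "${CLIENT_CA}" > "${TEMP_DIR}/client.pem"
# Extract certificate and key from client bundle
cd "${TEMP_DIR}" || fail "Failed to change directory to ${TEMP_DIR}"
# Assuming CLIENT_CA contains both cert and key, split them: client-00 holds
# everything before the PRIVATE KEY header (the certificate), client-01 the
# key itself. A bundle with a different layout (key first, extra certs)
# numbers the pieces differently and the renames below pick the wrong
# file — confirm the bundle format with the producer of CLIENT_CA.
csplit -f client- client.pem '/-----BEGIN.*PRIVATE KEY-----/' '{*}'
mv client-00 cert.pem || fail "Certificate piece client-00 missing after split"
mv client-01 key.pem || fail "Private key piece client-01 missing after split"
# Connect to the Percona KMIP Docker container and configure it
CONTAINER_CMD="sudo podman"
KMIP_DOCKER_NAME="kmip"
# CONTAINER_CMD is deliberately unquoted so "sudo podman" splits into two
# words. Both execs are detached (-d): podman returns once the command is
# dispatched, so a failing mkdir or mysqld start is not surfaced here, and
# the second exec does not wait for the first to finish.
# Create MySQL data directory
# shellcheck disable=SC2086
${CONTAINER_CMD} exec -d "${KMIP_DOCKER_NAME}" sh -c 'mkdir -p /var/lib/mysql/testKMIP'
# Start MySQL with KMIP configuration. The CA/cert/key arguments are host
# paths under TEMP_DIR, so the container must see them at the same location.
# shellcheck disable=SC2086
${CONTAINER_CMD} exec -d "${KMIP_DOCKER_NAME}" mysqld \
  --datadir=/var/lib/mysql/testKMIP \
  --early-plugin-load=keyring_kmip.so \
  --keyring_kmip_server_name="${VAULT_ADDR}" \
  --keyring_kmip_server_port="${KMIP_PORT}" \
  --keyring_kmip_client_ca="${TEMP_DIR}/vault-ca.pem" \
  --keyring_kmip_client_key="${TEMP_DIR}/key.pem" \
  --keyring_kmip_client_cert="${TEMP_DIR}/cert.pem"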