vault/enos/modules/verify_secrets_engines/scripts/ssh-verify-signed-key.sh

#!/usr/bin/env bash
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
# Abort the script on the first unhandled non-zero exit status.
set -o errexit
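#######################################
# Print an error message to stderr and terminate the script.
# Arguments: $1 - message to print
# Outputs:   writes the message to stderr (never stdout)
# Returns:   does not return; exits with status 1
#######################################
fail() {
  # printf rather than echo: a message that begins with -n or -e would
  # otherwise be consumed as an echo option instead of being printed.
  printf '%s\n' "$1" >&2
  exit 1
}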
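# Required inputs. Each variable is checked by name so the error message names
# the missing one; "${!name:-}" keeps the check valid under `set -u` as well.
for required in SIGNED_KEY CA_KEY_TYPE VAULT_ADDR VAULT_TOKEN VAULT_INSTALL_DIR; do
  [[ -n "${!required:-}" ]] || fail "$required env variable has not been set"
done

# Where the certificate is materialised for ssh-keygen. The path is at the
# filesystem root, so the script expects to run as a user that can write there.
SIGNED_KEY_PATH="/signed-key.pub"

# Save the signed key to a file. printf rather than echo so a value that
# happens to start with "-" is written verbatim instead of being parsed as an
# echo option. A failed write is fatal rather than silently producing an
# empty file for the next step.
printf '%s\n' "$SIGNED_KEY" > "$SIGNED_KEY_PATH" || fail "Failed to write signed key to $SIGNED_KEY_PATH"

# Inspect the signed key. ssh-keygen -L decodes and prints the certificate; a
# non-zero status means the input is not a parseable OpenSSH certificate.
# NOTE(review): this step does not establish which CA signed the certificate;
# if that matters, compare the "Signing CA:" fingerprint against the expected CA key.
if ! ssh_key_info=$(ssh-keygen -Lf "$SIGNED_KEY_PATH"); then
  fail "Failed to verify signed SSH key"
fi

# Extract the key type from the "Type:" line (first match only). A single awk
# over a here-string replaces the echo | grep | awk pipeline.
# NOTE(review): in ssh-keygen -L output the "Type:" line describes the
# certified key's algorithm, while the CA's algorithm appears on the
# "Signing CA:" line — confirm which one this check is meant to cover.
ca_key_type=$(awk '/Type:/ { print $2; exit }' <<<"$ssh_key_info")
[[ -n "$ca_key_type" ]] || fail "Could not determine key type from ssh-keygen output"

# Substring match: presumably CA_KEY_TYPE is a bare algorithm name while
# ssh-keygen reports the full certificate type string — verify against the
# Enos module that sets CA_KEY_TYPE.
if [[ "$ca_key_type" != *"$CA_KEY_TYPE"* ]]; then
  fail "Key type mismatch: expected $CA_KEY_TYPE, got $ca_key_type"
fi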