Paste P351

Renew Vault certificates automation - renew.sh

Authored by dereckson on Jun 2 2024, 22:34.
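# Activate the virtualenv that provides the renew.py dependencies
source $HOME/dev/python/vault/bin/activate
# Write ca.pem, certificate.pem, fullchain.pem and private.key to the current directory
python3 renew.py
# Certificates are public; the private key is never made group- or world-readable
chmod 644 ca.pem certificate.pem fullchain.pem
chmod 400 private.key
sudo mv ca.pem certificate.pem fullchain.pem private.key /usr/local/etc/certificates/vault/
sudo chown vault /usr/local/etc/certificates/vault/private.key
# SIGHUP (signal 1) makes Vault reload its TLS certificate
sudo kill -1 $(cat /var/run/vault.pid)
# Print the subject, issuer, validity dates and serial of the certificate now served
openssl s_client -connect 172.27.27.7:8200 < /dev/null | openssl x509 -noout -subject -issuer -dates -serial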

Event Timeline

source $HOME/dev/python/vault/bin/activate

Needs hvac and pyyaml as packages to be installed on the server. Complector doesn't currently have hvac, only pyyaml.

sudo kill -1 $(cat /var/run/vault.pid)

Error management should be done to check if that PID exists or return an error code.

Also, that script is probably a good candidate to run as the vault or root user; sudo needs to be dropped.
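
The PID check asked for in the comments above, as an added example that is not part of the paste or of the author's script. It assumes the script already runs as the vault user or root (so no sudo); `reload_vault` and its return codes are hypothetical names chosen for this illustration.

```shell
#!/bin/sh
# Added example: guarded replacement for `sudo kill -1 $(cat /var/run/vault.pid)`.
# Assumption: the caller is the vault user or root, so sudo is not used here.
# reload_vault is a hypothetical helper name, not part of the original paste.
#
# Return codes: 0 SIGHUP sent, 2 PID file missing or unreadable,
#               3 PID file does not hold a plain PID, 4 no such process,
#               5 the signal could not be delivered.
reload_vault() {
    pidfile=${1:-/var/run/vault.pid}

    if [ ! -r "$pidfile" ]; then
        echo "reload_vault: cannot read $pidfile" >&2
        return 2
    fi

    # Read the first line only (a missing trailing newline is tolerated).
    pid=
    IFS= read -r pid < "$pidfile" || true

    # Accept a positive integer without leading zeros and nothing else, so a
    # truncated or corrupted file never becomes an unintended kill argument.
    case $pid in
        ''|*[!0-9]*|0*)
            echo "reload_vault: invalid PID in $pidfile" >&2
            return 3
            ;;
    esac

    # Signal 0 delivers nothing; it only tests that the process exists
    # and that this user is allowed to signal it.
    if ! kill -0 "$pid" 2>/dev/null; then
        echo "reload_vault: no running process with PID $pid" >&2
        return 4
    fi

    # SIGHUP asks Vault to reload its TLS certificate.
    kill -HUP "$pid" || return 5
}

# Usage in renew.sh, before the openssl verification step:
#   reload_vault /var/run/vault.pid || exit $?
```

The check confirms that a process with that PID exists, not that it is Vault; a stale PID file whose number has been reused by another process would still pass.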