Paste P351

Renew Vault certificates automation -

Authored by dereckson on Jun 2 2024, 22:34.
source $HOME/dev/python/vault/bin/activate
chmod 644 ca.pem certificate.pem fullchain.pem
chmod 400 private.key
sudo mv ca.pem certificate.pem fullchain.pem private.key /usr/local/etc/certificates/vault/
sudo chown vault /usr/local/etc/certificates/vault/private.key
sudo kill -1 $(cat /var/run/
openssl s_client -connect < /dev/null | openssl x509 -noout -subject -issuer -dates -serial

Event Timeline

source $HOME/dev/python/vault/bin/activate

Needs hvac and pyyaml as packages to be installed on the server; Complector doesn't currently have hvac, only pyyaml.

sudo kill -1 $(cat /var/run/

Error management should be done to check if that PID exists, or return an error code.

Also, that script is probably a good candidate to run as vault or root user; sudo needs to be dropped.
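
The PID check asked for in the comments above, as an added example that is not part of paste P351 or the author's script: a reload step that validates the PID file before sending SIGHUP and returns a distinct error code for each failure. The function name `reload_from_pidfile` and its exit codes are hypothetical, the PID file path is an argument because the path in the paste is truncated, and the script is assumed to run as root or as the daemon's own user, so no sudo is involved.

```shell
#!/bin/sh
# Added example, not the paste's own code.
# Assumption: runs as root or as the daemon's user (kill -0 fails with EPERM
# for other users' processes, which would be reported here as "no process").

# reload_from_pidfile PIDFILE  (hypothetical helper)
# Returns: 0 SIGHUP sent
#          2 PID file missing or unreadable
#          3 PID file content is not a positive integer
#          4 no such process (stale PID file)
#          5 signal could not be delivered
reload_from_pidfile() {
    pidfile=$1

    if [ ! -r "$pidfile" ]; then
        echo "reload: cannot read PID file: $pidfile" >&2
        return 2
    fi

    # Use the first line only, without surrounding whitespace.
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')

    # Reject empty or non-numeric content. An empty value would turn
    # `kill -1 $(cat ...)` into a kill with no target.
    case $pid in
        ''|*[!0-9]*)
            echo "reload: invalid PID in $pidfile" >&2
            return 3 ;;
    esac
    # PID 0 means "the caller's whole process group" to kill(1); refuse it.
    if ! [ "$pid" -gt 0 ] 2>/dev/null; then
        echo "reload: refusing PID '$pid' from $pidfile" >&2
        return 3
    fi

    # Signal 0 only tests that the process exists and can be signalled.
    if ! kill -0 "$pid" 2>/dev/null; then
        echo "reload: no process $pid (stale PID file?)" >&2
        return 4
    fi

    # -HUP is the same signal as the paste's `kill -1`.
    kill -HUP "$pid" || return 5
    return 0
}

# Stand-alone use: sh reload.sh /path/to/daemon.pid
if [ "$#" -gt 0 ]; then reload_from_pidfile "$1"; fi
```
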