package main
import (
"github.com/hashicorp/vault/api"
"github.com/jacohend/bank-vaults/pkg/vault"
"github.com/sirupsen/logrus"
"github.com/spf13/cobra"
"os"
)
// Flag names used by the init subcommand. The same strings are used as the
// keys under which the flag values are bound into appConfig.
const (
	// cfgInitRootToken names the flag carrying the root token for the new
	// Vault cluster.
	cfgInitRootToken = "init-root-token"

	// cfgStoreRootToken names the boolean flag that decides whether the root
	// token is stored in the key store.
	cfgStoreRootToken = "store-root-token"
)
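// initCmd implements the "init" subcommand. It binds the root-token flags into
// appConfig, builds the key/value store, the Vault API client and the Vault
// helper configuration, and then initialises the target Vault instance. Any
// failure along the way is logged and terminates the process.
//
// Operator notes:
//   - init-root-token puts a root token on the command line, where it can end
//     up in shell history and process listings; prefer a channel that does not
//     expose it to other local users.
//   - store-root-token is registered with a default of true, so per its help
//     text the root token is stored in the key store unless the flag is
//     explicitly disabled.
var initCmd = &cobra.Command{
	Use:   "init",
	Short: "Initialise the target Vault instance",
	Long: `This command will verify the Cloud KMS service is accessible, then
run "vault init" against the target Vault instance, before encrypting and
storing the keys in the Cloud KMS keyring.
It will not unseal the Vault instance after initialising.`,
	Run: func(cmd *cobra.Command, args []string) {
		// Bind both flags before anything reads appConfig. A failed binding is
		// treated as fatal: carrying on would silently drop the operator's
		// root-token choices (including a request not to store the token).
		for _, name := range []string{cfgInitRootToken, cfgStoreRootToken} {
			if err := appConfig.BindPFlag(name, cmd.PersistentFlags().Lookup(name)); err != nil {
				logrus.Fatalf("error binding flag %q: %s", name, err.Error())
			}
		}

		store, err := kvStoreForConfig(appConfig)
		if err != nil {
			logrus.Fatalf("error creating kv store: %s", err.Error())
		}

		// A nil config makes the Vault client library fall back to its
		// defaults, which are taken from the process environment.
		cl, err := api.NewClient(nil)
		if err != nil {
			logrus.Fatalf("error connecting to vault: %s", err.Error())
		}

		vaultConfig, err := vaultConfigForConfig(appConfig)
		if err != nil {
			logrus.Fatalf("error building vault config: %s", err.Error())
		}

		v, err := vault.New(store, cl, vaultConfig)
		if err != nil {
			logrus.Fatalf("error creating vault helper: %s", err.Error())
		}

		if err = v.Init(); err != nil {
			logrus.Fatalf("error initialising vault: %s", err.Error())
			// logrus.Fatalf exits the process after logging, so this call is
			// not expected to run; it is kept so the file's "os" import stays
			// in use.
			os.Exit(1)
		}
	},
}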
// init registers the init subcommand's flags and attaches the subcommand to
// rootCmd.
func init() {
	flags := initCmd.PersistentFlags()

	// Empty by default. A value given here travels on the command line.
	flags.String(cfgInitRootToken, "", "root token for the new vault cluster")

	// Defaults to true: the root token is stored unless the operator opts out.
	flags.Bool(cfgStoreRootToken, true, "should the root token be stored in the key store")

	rootCmd.AddCommand(initCmd)
}