vault/entrypoint.sh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

#!/bin/sh

set -e

if [ -z "$API_ADDRESS" ]; then
	echo "Environment variable API_ADDRESS must be specified as addr:port"
	exit 1
fi

if [ -z "$CLUSTER_ADDRESS" ]; then
	echo "Environment variable CLUSTER_ADDRESS must be specified as addr:port"
	exit 1
fi

if [ -z "$VAULT_RAFT_NODE_ID" ]; then
	echo "Environment variable VAULT_RAFT_NODE_ID must be specified"
	exit 1
fi

if [ -z "$ENTRYPOINT_VAULT_HOSTNAME" ]; then
	echo "Environment variable ENTRYPOINT_VAULT_HOSTNAME must be specified"
	exit 1
fi

#openssl req -x509 -nodes -days 3650 -newkey rsa:4096 \
#	-keyout /private_key.pem -out /certificate.pem \
#	-subj "/C=US/L=Seattle/O=Pomona Consulting LLC/CN=${ENTRYPOINT_VAULT_HOSTNAME}"

envsubst < /vault.hcl.tpl > /vault.hcl

# TODO: Fix SAN
# TODO: Issuer has host CN
# TODO: Subject can just be CN

exec "$@"