From 2c64814975a1f5f116697e217ec68a737132e319 Mon Sep 17 00:00:00 2001
From: Verry Yann
Date: Sun, 22 Mar 2020 18:16:09 +0100
Subject: [PATCH] add sealed vault support (quick & dirty)
---
 vault-cert-openssh.py | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/vault-cert-openssh.py b/vault-cert-openssh.py
index 48986e9..d0cc6d3 100644
--- a/vault-cert-openssh.py
+++ b/vault-cert-openssh.py
@@ -154,11 +154,15 @@ if __name__ == "__main__":
 if int(time.time()) > key['valid before']:
 print("Need to renew %s" % sys.argv[1])
- vaultRenewKey(sys.argv[1],vault)
- else:
- print("Nothing to do")
+ try:
+ vaultRenewKey(sys.argv[1],vault)
+ except hvac.exceptions.VaultDown:
+ print("Vault is sealed, unable to renew SSH Key")
 except FileNotFoundError:
- vaultRenewKey(sys.argv[1],vault)
+ try:
+ vaultRenewKey(sys.argv[1],vault)
+ except hvac.exceptions.VaultDown:
+ print("Vault is sealed, unable to renew SSH Key")
 else:
 print("Usage: %s [path to certificate]" % sys.argv[0])
- exit(1)
\ No newline at end of file
+ exit(1)
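Review bot: Both new `except hvac.exceptions.VaultDown:` handlers print a message and then fall through, so the script exits with status 0 even though no certificate was renewed; in the `FileNotFoundError` branch that means there is no certificate at all, and a cron job or wrapper calling this cannot notice the failure. Send the message to stderr and fail explicitly, e.g. `print("Vault is sealed, unable to renew SSH Key", file=sys.stderr)` followed by `sys.exit(1)`. The two handlers are identical, so a small helper wrapping `vaultRenewKey` would keep them from drifting apart. The change also drops the `else: print("Nothing to do")` branch, which the commit message does not mention; if that was unintended, it should be restored. The enclosing `if __name__ == "__main__":` block starts before this hunk, so how `vault` is built and whether other hvac or connection errors are handled is not visible here.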