add sealed vault support (quick & dirty)

2020-03-22 18:16:09 +01:00 · 2020-03-22 18:16:09 +01:00 · 2c64814975
parent e670b2fb9b
commit 2c64814975
1 changed files with 9 additions and 5 deletions
--- a/vault-cert-openssh.py
+++ b/vault-cert-openssh.py
@ -154,11 +154,15 @@ if __name__ == "__main__":

        if int(time.time()) > key['valid before']:
            print("Need to renew %s" % sys.argv[1])
-            vaultRenewKey(sys.argv[1],vault)
-        else:
-            print("Nothing to do")
+            try:
+              vaultRenewKey(sys.argv[1],vault)
+            except hvac.exceptions.VaultDown:
+              print("Vault is sealed, unable to renew SSH Key")
    except FileNotFoundError:
-      vaultRenewKey(sys.argv[1],vault)
+      try:
+        vaultRenewKey(sys.argv[1],vault)
+      except hvac.exceptions.VaultDown:
+            print("Vault is sealed, unable to renew SSH Key")
  else:
    print("Usage: %s [path to certificate]" % sys.argv[0])
    exit(1)