yann/vault-cert-openssh
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

try more and more

Browse source
This commit is contained in:
Verry Yann 2019-05-08 16:02:23 +02:00
parent 8c3531880a
commit fd78283db4
Signed by: yann
GPG key ID: 19754E8692B8416C
1 changed files with 21 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
vault-cert-openssh.py
View file

@ -15,16 +15,20 @@ import time, os
import base64 import base64
from struct import unpack from struct import unpack
def vaultRenewKey(filename, vault_var): def vaultRenewKey(filename, vault):
sshKey = filename.replace('-cert','') sshKey = filename.replace('-cert','')
public_key = open(sshKey,'r') try:
client = hvac.Client(url=vault_var['VAULT_ADDR'], token=vault_var['VAULT_TOKEN']) public_key = open(sshKey,'r')
renew = client.write(vault_var['VAULT_SSHSIGNPATH'],public_key=public_key.read()) client = hvac.Client(url=vault['VAULT_ADDR'], token=vault['VAULT_TOKEN'])
renew = client.write(vault['VAULT_SSHSIGNPATH'],public_key=public_key.read())
if len(renew['data']['signed_key']) > 0: if len(renew['data']['signed_key']) > 0:
s = open(filename,'w') s = open(filename,'w')
s.write(renew['data']['signed_key']) s.write(renew['data']['signed_key'])
s.close() s.close()
except FileNotFoundError:
print("OpenSSH Key (%s) is missing" % sshKey)
os._exit(-1)
def Decode(base64encoded): def Decode(base64encoded):
certType, bin = decodeString(base64.b64decode(base64encoded)) certType, bin = decodeString(base64.b64decode(base64encoded))
@ -120,33 +124,33 @@ formats = {
if __name__ == "__main__": if __name__ == "__main__":
import sys import sys
vault_var = dict() vault = dict()
try: try:
vault_var['VAULT_SSHSIGNPATH'] = os.environ['VAULT_SSHSIGNPATH'] vault['VAULT_SSHSIGNPATH'] = os.environ['VAULT_SSHSIGNPATH']
vault_var['VAULT_ADDR'] = os.environ['VAULT_ADDR'] vault['VAULT_ADDR'] = os.environ['VAULT_ADDR']
except KeyError as e: except KeyError as e:
print('Error ' + str(e) + ' variable is missing') print('Error %s variable is missing' % str(e))
try: try:
vault_var['VAULT_TOKEN'] = os.environ['VAULT_TOKEN'] vault['VAULT_TOKEN'] = os.environ['VAULT_TOKEN']
except KeyError: except KeyError:
from os.path import expanduser from os.path import expanduser
home = expanduser("~") home = expanduser("~")
o = open(home + '/.vault-token','r') o = open(home + '/.vault-token','r')
vault_var['VAULT_TOKEN'] = o.read().splitlines()[0] vault['VAULT_TOKEN'] = o.read().splitlines()[0]
if len(sys.argv) > 1: if len(sys.argv) > 1:
try: try:
with open(sys.argv[1],'r') as f: with open(sys.argv[1],'r') as f:
key = Decode(f.read().split(" ")[1]) key = Decode(f.read().split(" ")[1])
if int(time.time()) > key['valid before']: if int(time.time()) > key['valid before']:
print("Need to renew" + sys.argv[1]) print("Need to renew %s" % sys.argv[1])
vaultRenewKey(sys.argv[1],vault_var) vaultRenewKey(sys.argv[1],vault)
else: else:
print("Nothing to do") print("Nothing to do")
except FileNotFoundError: except FileNotFoundError:
vaultRenewKey(sys.argv[1],vault_var) vaultRenewKey(sys.argv[1],vault)
else: else:
print("Usage: %s [path to certificate]" % sys.argv[0]) print("Usage: %s [path to certificate]" % sys.argv[0])
exit(1) exit(1)