diff --git a/src/commands/auth/login.sh b/src/commands/auth/login.sh index 5585817..3434a9a 100644 --- a/src/commands/auth/login.sh +++ b/src/commands/auth/login.sh @@ -107,6 +107,7 @@ wx-login(){ wxi-stop fi + TOKEN=$VAULT_LOGIN wxi-config login ;; *) diff --git a/src/commands/infra.sh b/src/commands/infra.sh index c24982d..f0b3f24 100644 --- a/src/commands/infra.sh +++ b/src/commands/infra.sh @@ -21,12 +21,12 @@ wx-infra(){ mkdir -p "$INFRA_PATH/vault" &> /dev/null curl \ - -H "X-Vault-Token: $VAULT_TOKEN" \ + -H "X-Vault-Token: $TOKEN" \ -X GET \ https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw" curl \ - -H "X-Vault-Token: $VAULT_TOKEN" \ + -H "X-Vault-Token: $TOKEN" \ -X GET \ https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup" fi diff --git a/src/commands/ssh/config/clean.sh b/src/commands/ssh/config/clean.sh index a20f05b..7ca6f58 100644 --- a/src/commands/ssh/config/clean.sh +++ b/src/commands/ssh/config/clean.sh @@ -2,7 +2,7 @@ wxi-ssh-config-clean(){ wxi-header "SSH / Config / Clean" wxi-restricted - VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN") + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN") if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]] then rm "$HOME/.ssh/config" diff --git a/src/commands/ssh/config/save.sh b/src/commands/ssh/config/save.sh index 70d5b09..477e8ca 100644 --- a/src/commands/ssh/config/save.sh +++ b/src/commands/ssh/config/save.sh 
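Review bot: `TOKEN=$VAULT_LOGIN` hands the fresh login token to `wxi-config login` through a global with a very generic name, and nothing at this call site documents that contract. Every Vault request in this commit now sends `$TOKEN`, so a value inherited from the caller's environment would be used wherever the script has not assigned it first; whether that can happen depends on initialisation code outside this diff. Passing the value explicitly, `wxi-config login "$VAULT_LOGIN"` with `$2` read in `wxi-config`, or at least adding a comment such as `# TOKEN: Vault token sent by every wxi-* request; set here after a successful login`, would make the data flow visible. The body of `wx-login` starts and ends outside the hunk.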
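Review bot: The Vault token is passed to curl as a command-line argument in `-H "X-Vault-Token: $TOKEN"`, so it can be read from the process list by other local users while the request runs. curl can take the header from stdin instead, e.g. `curl -s --config - "https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra" <<<"header = \"X-Vault-Token: $TOKEN\""`, which keeps the secret out of argv. The same pattern is in the ssh/config clean, save and sync hunks and in the ssh/keys clean, retrieve, save, sign and sync hunks. Separately, both requests here fetch the same document and neither uses `--fail`, so on a Vault error jq most likely writes `null` into the files under `$INFRA_PATH/vault`; one fetch with `curl -sf` and `jq -e` would avoid that.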
@@ -4,7 +4,7 @@ wxi-ssh-config-save(){ if [[ -f "$HOME/.ssh/config" ]] then - curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null + curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null fi wxi-footer } diff --git a/src/commands/ssh/config/sync.sh b/src/commands/ssh/config/sync.sh index 7963ed6..29d1102 100644 --- a/src/commands/ssh/config/sync.sh +++ b/src/commands/ssh/config/sync.sh 
@@ -2,15 +2,15 @@ wxi-ssh-config-sync(){ wxi-header "SSH / Config / Sync" wxi-restricted - VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN") + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN") if [[ $VAULT_STATUS -eq 200 ]] then touch ~/.ssh/config - SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64) + SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64) SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64) if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]] then - echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1 + echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1 chmod 700 ~/.ssh/config fi fi diff --git a/src/commands/ssh/keys/clean.sh b/src/commands/ssh/keys/clean.sh index 1cc1461..f9b091f 100644 --- a/src/commands/ssh/keys/clean.sh +++ b/src/commands/ssh/keys/clean.sh 
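Review bot: The replacement `~/.ssh/config` is written by a third, separate request whose result is never checked, so if that request or `base64 -d` fails after the status and MD5 probes succeeded, the redirect has already truncated the existing file. The trailing `2>&1` also sends any `base64` error text into the config file, `echo $(...)` word-splits the payload, and `chmod 700` sets the execute bit where `600` is enough. Fetching once, decoding into a `mktemp` file next to the target and renaming it only after a successful decode removes the truncation window, and `cmp -s` replaces the MD5 comparison. The function's closing lines are outside the hunk.

```shell
  # … unchanged: wxi-header, wxi-restricted …
  local remote tmp
  if remote=$(curl -sf "https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config" \
      --header "X-Vault-Token: $TOKEN" | jq -er '.data.data.data') &&
    tmp=$(mktemp "$HOME/.ssh/config.XXXXXX")
  then
    # Decode into a private temp file first; only replace the live config
    # when decoding succeeded and the content actually differs.
    if printf '%s' "$remote" | base64 -d > "$tmp" && ! cmp -s "$tmp" "$HOME/.ssh/config"
    then
      chmod 600 "$tmp" && mv -- "$tmp" "$HOME/.ssh/config"
    else
      rm -f -- "$tmp"
    fi
  fi
```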
@@ -20,7 +20,7 @@ wxi-ssh-keys-clean(){ for file in ~/.ssh/keys/* do - VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: $VAULT_TOKEN") + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: $TOKEN") if [[ $VAULT_STATUS -eq 200 ]] then rm "$file" &> /dev/null diff --git a/src/commands/ssh/keys/retrieve.sh b/src/commands/ssh/keys/retrieve.sh index ef0d347..5956922 100644 --- a/src/commands/ssh/keys/retrieve.sh +++ b/src/commands/ssh/keys/retrieve.sh @@ -4,12 +4,12 @@ wxi-ssh-keys-retrieve(){ if [[ ! -z $1 ]] then - VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN") + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN") if [[ $VAULT_STATUS -eq 200 ]] then - echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1 + echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1 chmod 700 ~/.ssh/keys/$1 - echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1 + echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1 chmod 700 ~/.ssh/keys/$1.pub fi fi 
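Review bot: In `wxi-ssh-keys-retrieve` the private key is created by the `> ~/.ssh/keys/$1` redirect with whatever umask the shell has and only tightened by the later `chmod 700`, so it can briefly exist with group or world read bits; `700` also marks a key file executable. Running the writes under `umask 077` (for example inside `( umask 077; … )`) and using `chmod 600` closes that window. `$1` is also unquoted in both the URL and the target path, so a name containing `/` or `..` would land outside `~/.ssh/keys`; a guard such as `[[ $1 =~ ^[A-Za-z0-9._-]+$ && $1 != .* ]] || return 1` before the first request would bound it. The secret is fetched twice by the two `echo $(curl …)` lines, and the function starts and ends outside the hunk.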
diff --git a/src/commands/ssh/keys/save.sh b/src/commands/ssh/keys/save.sh index 381da7f..4a1bb5a 100644 --- a/src/commands/ssh/keys/save.sh +++ b/src/commands/ssh/keys/save.sh @@ -6,7 +6,7 @@ wxi-ssh-keys-save(){ then if [[ -f "$HOME/.ssh/keys/$1" ]] then - curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null + curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null fi fi wxi-footer diff --git a/src/commands/ssh/keys/sign.sh b/src/commands/ssh/keys/sign.sh index bc1b682..2561089 100644 --- a/src/commands/ssh/keys/sign.sh +++ b/src/commands/ssh/keys/sign.sh @@ -22,6 +22,6 @@ wxi-ssh-keys-sign-create(){ if [[ -f "$HOME/.ssh/keys/$NAME" ]] then wxi-content text "$NAME/$ROLE" - echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1 + echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1 fi } diff --git a/src/commands/ssh/keys/sync.sh b/src/commands/ssh/keys/sync.sh index 9ade561..d04c5ee 100644 --- a/src/commands/ssh/keys/sync.sh +++ b/src/commands/ssh/keys/sync.sh 
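Review bot: The base64 of the private key is expanded into the `-d "…"` argument in `wxi-ssh-keys-save`, so the key material sits in curl's argv next to the token for the duration of the upload. Building the JSON with jq straight from the files and streaming it to curl with `--data @-` keeps it off the command line (`--rawfile` needs jq 1.6 or later); the ssh/config save hunk has the same shape with `~/.ssh/config`. `&> /dev/null` without `--fail` also makes a rejected upload indistinguishable from a successful one. The enclosing `if` and the function end are outside the hunk.

```shell
    # … unchanged: the -f "$HOME/.ssh/keys/$1" test …
    jq -n \
      --rawfile private "$HOME/.ssh/keys/$1" \
      --rawfile public "$HOME/.ssh/keys/$1.pub" \
      '{data: {private: ($private | @base64), public: ($public | @base64)}}' |
      curl -sf -o /dev/null "https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1" \
        -X POST --header "X-Vault-Token: $TOKEN" --data @- ||
      printf 'upload failed: %s\n' "$1" >&2
```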
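Review bot: `jq -r '.data.signed_key'` prints the literal `null` when Vault rejects the signing request, and the `echo $(…) > ~/.ssh/keys/$NAME.sig` wrapper writes that into the certificate file without any error. The request body is also assembled by splicing `$PRINCIPALS`, `$TTL` and the public key into a JSON string, so a quote or backslash in any of them changes the document; `jq -n --arg k "$(cat "$HOME/.ssh/keys/$NAME.pub")" --arg p "$PRINCIPALS,$USERNAME" --arg t "$TTL" '{public_key: $k, valid_principals: $p, ttl: $t}'` piped to `curl --data @-` builds it as data. Using `jq -er` and writing the `.sig` file only when the pipeline succeeds would keep a failed signing from leaving a bogus certificate. The start of `wxi-ssh-keys-sign-create` is outside the hunk.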
@@ -1,13 +1,13 @@ wxi-ssh-keys-sync(){ wxi-header "SSH / Keys / Sync" wxi-restricted - VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $VAULT_TOKEN") + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $TOKEN") if [[ $VAULT_STATUS -eq 200 ]] then - for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.keys | @sh' | tr -d \') + for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.keys | @sh' | tr -d \') do wxi-content text $name - wxi-ssh-keys-retrieve $name --multiple + wxi-ssh-keys-retrieve $name &> /dev/null done fi wxi-footer diff --git a/src/functions/config.sh b/src/functions/config.sh index 953a7db..1cc6b8d 100644 --- a/src/functions/config.sh +++ b/src/functions/config.sh @@ -1,7 +1,7 @@ wxi-config(){ case $1 in login) - jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp + jq '.login.'$ORG'.token = "'$TOKEN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp ;; *) echo -n "" diff --git a/wx b/wx index 2e1d8cf..e12b9b3 100755 --- a/wx +++ b/wx @@ -12,7 +12,7 @@ declare -Ax messages wxi-config(){ case $1 in login) - jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp + jq '.login.'$ORG'.token = "'$TOKEN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp ;; *) echo -n "" 
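Review bot: The new `wxi-ssh-keys-retrieve $name &> /dev/null` discards stderr as well as stdout, so a key that fails to download is still listed by `wxi-content text $name` as if it had synced. Redirecting only stdout and checking the status, e.g. `wxi-ssh-keys-retrieve "$name" > /dev/null || wxi-content text "$name: failed"`, keeps failures visible, provided the function returns non-zero on failure, which this diff does not show. The names come from the Vault response through `@sh | tr -d \'` and are word-split and passed unquoted, so they should be quoted here and validated before being used as file names under `~/.ssh/keys`. The function's closing brace is outside the hunk.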
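Review bot: `$TOKEN` and `$ORG` are spliced unquoted into the jq program text in `jq '.login.'$ORG'.token = "'$TOKEN'"'`, so a token containing `"` or `\`, or whitespace in either value, changes or breaks the filter instead of being stored as data. Passing them as arguments fixes that: `jq --arg org "$ORG" --arg token "$TOKEN" '.login[$org].token = $token' "$HOME/.warengroup/config.json" > "$HOME/.warengroup/config.json.tmp"`. The `&>` redirect also sends jq's error text into `config.json.tmp`, and that file, which now holds the token, is created with the default umask; plain `>` under `umask 077` avoids both. The identical line is changed in the `wx` script, which looks like a concatenation of the `src/` files and presumably should be regenerated rather than edited separately.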
@@ -293,12 +293,12 @@ wx-infra(){ mkdir -p "$INFRA_PATH/vault" &> /dev/null curl \ - -H "X-Vault-Token: $VAULT_TOKEN" \ + -H "X-Vault-Token: $TOKEN" \ -X GET \ https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw" curl \ - -H "X-Vault-Token: $VAULT_TOKEN" \ + -H "X-Vault-Token: $TOKEN" \ -X GET \ https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup" fi @@ -491,6 +491,7 @@ wx-login(){ wxi-stop fi + TOKEN=$VAULT_LOGIN wxi-config login ;; *) @@ -693,7 +694,7 @@ wxi-ssh-config-clean(){ wxi-header "SSH / Config / Clean" wxi-restricted - VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN") + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN") if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]] then rm "$HOME/.ssh/config" @@ -715,7 +716,7 @@ wxi-ssh-config-save(){ if [[ -f "$HOME/.ssh/config" ]] then - curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null + curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null fi wxi-footer } 
@@ -724,15 +725,15 @@ wxi-ssh-config-sync(){ wxi-header "SSH / Config / Sync" wxi-restricted - VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN") + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN") if [[ $VAULT_STATUS -eq 200 ]] then touch ~/.ssh/config - SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64) + SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64) SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64) if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]] then - echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1 + echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1 chmod 700 ~/.ssh/config fi fi @@ -761,7 +762,7 @@ wxi-ssh-keys-clean(){ for file in ~/.ssh/keys/* do - VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: $VAULT_TOKEN") + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: $TOKEN") if [[ $VAULT_STATUS -eq 200 ]] then rm "$file" &> /dev/null 
@@ -792,12 +793,12 @@ wxi-ssh-keys-retrieve(){ if [[ ! -z $1 ]] then - VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN") + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN") if [[ $VAULT_STATUS -eq 200 ]] then - echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1 + echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1 chmod 700 ~/.ssh/keys/$1 - echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1 + echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1 chmod 700 ~/.ssh/keys/$1.pub fi fi @@ -813,7 +814,7 @@ wxi-ssh-keys-save(){ then if [[ -f "$HOME/.ssh/keys/$1" ]] then - curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null + curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null fi fi wxi-footer 
@@ -843,20 +844,20 @@ wxi-ssh-keys-sign-create(){ if [[ -f "$HOME/.ssh/keys/$NAME" ]] then wxi-content text "$NAME/$ROLE" - echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1 + echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: $TOKEN" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1 fi } wxi-ssh-keys-sync(){ wxi-header "SSH / Keys / Sync" wxi-restricted - VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $VAULT_TOKEN") + VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $TOKEN") if [[ $VAULT_STATUS -eq 200 ]] then - for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.keys | @sh' | tr -d \') + for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.keys | @sh' | tr -d \') do wxi-content text $name - wxi-ssh-keys-retrieve $name --multiple + wxi-ssh-keys-retrieve $name &> /dev/null done fi wxi-footer