diff --git a/hashicorp-kmip-setup.sh b/hashicorp-kmip-setup.sh index cf459a46..55353e90 100755 --- a/hashicorp-kmip-setup.sh +++ b/hashicorp-kmip-setup.sh @@ -1,8 +1,10 @@ #!/usr/bin/env bash set -euo pipefail +# Initialize variables VERBOSE=false -CERTS_DIR="" # Initialize as empty +CERTS_HOME_DIR="" +VAULT_LICENSE="" # Parse arguments while [[ $# -gt 0 ]]; do @@ -12,11 +14,11 @@ while [[ $# -gt 0 ]]; do shift ;; --cert-dir=*|--certs-dir=*) - CERTS_DIR="${1#*=}" - if [[ -z "$CERTS_DIR" ]]; then - echo "Error: --cert-dir= or --certs-dir= requires a directory path" - exit 1 - fi + CERTS_HOME_DIR="${1#*=}" + shift + ;; + --license=*) + VAULT_LICENSE="${1#*=}" shift ;; -*) @@ -29,16 +31,28 @@ while [[ $# -gt 0 ]]; do esac done -# Base directory under $HOME -VAULT_BASE="${HOME}/vault" +# If Cert Dir is not provided use $HOME as default path +# A bit hacky, but used by wrappers. +if [[ -z "$CERTS_HOME_DIR" ]] || [[ ! -d "$CERTS_HOME_DIR" ]] ; then + VAULT_BASE="${HOME}/vault" +else + VAULT_BASE="${CERTS_HOME_DIR}/vault" +fi + CONFIG_DIR="${VAULT_BASE}/config" DATA_DIR="${VAULT_BASE}/data" LOG_DIR="${VAULT_BASE}/log" -CERTS_DIR="${CERTS_DIR:-${VAULT_BASE}/certs}" +CERTS_DIR="${CERTS_HOME_DIR:-${VAULT_BASE}/certs}" VAULT_HCL="${CONFIG_DIR}/vault.hcl" SCRIPT_DIR="$(pwd)" -VAULT_LICENSE="${SCRIPT_DIR}/vault.hclic" CONTAINER_NAME="kmip_hashicorp" +DEFAULT_LICENSE="${SCRIPT_DIR}/vault.hclic" +# Set default license path if not provided via argument +if [[ -z "$VAULT_LICENSE" ]]; then + if [[ -f "$DEFAULT_LICENSE" ]]; then + VAULT_LICENSE="$DEFAULT_LICENSE" + fi +fi # Create all necessary directories, and provide permissions for Docker container access. mkdir -p "${CONFIG_DIR}" "${DATA_DIR}" "${LOG_DIR}" "${CERTS_DIR}" @@ -48,15 +62,18 @@ sudo chown -R 100:1000 "${LOG_DIR}" sudo chown -R 100:1000 "${CERTS_DIR}" # Ensure license file exists -echo "[INFO] Checking for license in working directory..." +echo "[INFO] Checking for license file..." -if [[ ! -f "${VAULT_LICENSE}" ]]; then - echo "[ERROR] License file 'vault.hclic' not found in:" - echo " ${SCRIPT_DIR}" - echo "[INFO] Please place the license file here and retry" +if [[ -z "$VAULT_LICENSE" ]] || [[ ! -f "$VAULT_LICENSE" ]]; then + echo "[ERROR] License file not found" + echo "[INFO] Please provide a license file either:" + echo " 1. Pass the license path with: --license=/path/to/vault.hclic" + echo " 2. Place 'vault.hclic' in the script directory: ${SCRIPT_DIR}" exit 1 fi +echo "[INFO] Using license from: ${VAULT_LICENSE}" + create_vault_hcl() { if [[ -f "${VAULT_HCL}" ]]; then echo "[INFO] Vault HCL config already exists at ${VAULT_HCL}" @@ -93,15 +110,15 @@ start_vault_container() { case "${container_status}" in running) - echo "[INFO] Vault container already running" + echo "[INFO] HashiCorp Vault container already running" return 0 ;; exited) - echo "[INFO] Starting existing Vault container" + echo "[INFO] Starting existing HashiCorp Vault container" docker start "${CONTAINER_NAME}" >/dev/null ;; *) - echo "[INFO] Launching new Vault container" + echo "[INFO] Launching new HashiCorp Vault container" docker run -d \ --name "${CONTAINER_NAME}" \ -e VAULT_DISABLE_MLOCK=true \ @@ -197,7 +214,7 @@ configure_kmip() { } verify_kmip_connection() { - echo "[INFO] Verifying KMIP connection..." + echo "[INFO] Verifying HashiCorp KMIP connection..." local output local timeout=10 # seconds @@ -224,9 +241,9 @@ main() { configure_kmip verify_kmip_connection - echo "[INFO] Vault Enterprise deployment successful" + echo "[INFO] HashiCorp Vault Enterprise deployment successful" if [ "$VERBOSE" = true ]; then - echo "[INFO] KMIP setup completed successfully!" + echo "[INFO] HashiCorp KMIP setup completed successfully!" echo "[INFO] Files created within $CERTS_DIR:" echo "[INFO] - Private key: $CERTS_DIR/client_key.pem" echo "[INFO] - Certificate: $CERTS_DIR/client_certificate.pem"