use_vault

Exports VAULT_TOKEN into the current environment after checking with Vault that the token is valid. Opinionated: it assumes the OIDC auth method is used for login.

Usage

use vault

Notes

The HashiCorp Vault binary reads its token from ~/.vault-token, so this function might be inconvenient to use when you work with different Vault instances/namespaces.

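If the CI environment variable is set, the token validity check is skipped (the token is assumed to be always valid in CI). In that case both VAULT_ADDR and VAULT_TOKEN must be provided by the CI environment itself.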

Code

# shellcheck shell=bash
# vim: ft=bash

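# Export VAULT_TOKEN into the current environment, using the id that Vault
# reports for the token the `vault` CLI is currently authenticated with.
#
# Globals:
#   CI          (read)    non-empty => CI mode, no token lookup is performed
#   VAULT_ADDR  (read)    required in both modes
#   VAULT_TOKEN (read in CI mode; assigned and exported otherwise)
# Returns:
#   0 in CI mode or when the lookup succeeded and the token was exported
#   1 when the vault binary is missing or the token lookup fails
#
# strict_env, env_vars_required, has, log_error and log_warn are helpers
# defined outside this function.
#
# Security notes:
#   - An exported VAULT_TOKEN is inherited by every child process started
#     from this environment.
#   - The token value is assigned via command substitution, so running with
#     xtrace (`set -x`) would print it in the trace output.
use_vault () {
    # In CI environment, require VAULT_TOKEN to be set externally.
    # "${CI:-}" keeps this check safe when nounset (`set -u`) is active and
    # CI is not defined at all.
    if test -n "${CI:-}"; then
        # No validity check happens here: the externally supplied token is
        # trusted as-is.
        # NOTE(review): the helper's status is not inspected and 0 is returned
        # regardless - confirm env_vars_required aborts on a missing variable.
        strict_env env_vars_required VAULT_ADDR VAULT_TOKEN
        return 0
    fi

    strict_env env_vars_required VAULT_ADDR

    if ! has vault; then
        log_error "HashiCorp Vault is not installed"
        return 1
    fi

    # lookup-self only succeeds for a token Vault still accepts, so a zero
    # exit status doubles as the validity check. On failure VAULT_TOKEN is
    # still assigned whatever the command printed, but is not exported here.
    if ! VAULT_TOKEN="$(vault read -field=id /auth/token/lookup-self)"; then
        log_warn "Seems like 'vault token lookup' failed. Try logging in into Vault again with 'vault login -method=oidc'"
        return 1
    fi

    export VAULT_TOKEN
}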