From 74a364c8e138ae787fa6e6cd6d8d016e4c7b033f Mon Sep 17 00:00:00 2001
From: Slawomir Koszewski <slawek@koszewscy.waw.pl>
Date: Sun, 18 Jan 2026 12:01:29 +0100
Subject: [PATCH] Add unwrap and wrap scripts for handling wrapped secrets in
 Vault

---
 bin/unwrap.sh | 10 ++++++++++
 bin/wrap.sh   | 10 ++++++++++
 2 files changed, 20 insertions(+)
 create mode 100755 bin/unwrap.sh
 create mode 100755 bin/wrap.sh

diff --git a/bin/unwrap.sh b/bin/unwrap.sh
new file mode 100755
index 0000000..9bc4bd2
--- /dev/null
+++ b/bin/unwrap.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+# Usage: ./unwrap.sh <VAULT_TOKEN>
+# This script unwraps a wrapped secret in HashiCorp Vault using the provided token.
+
+curl -s -X PUT \
+	-H "X-Vault-Token: $1" \
+	-H "X-Vault-Request: true" \
+	-d 'null' \
+	https://vault.koszewscy.waw.pl/v1/sys/wrapping/unwrap | jq '.data'
diff --git a/bin/wrap.sh b/bin/wrap.sh
new file mode 100755
index 0000000..1a602ba
--- /dev/null
+++ b/bin/wrap.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+DEFAULT_TTL="60"
+ 
+curl \
+    --header "X-Vault-Token: $VAULT_TOKEN" \
+    --header "X-Vault-Wrap-TTL: $DEFAULT_TTL" \
+    --request POST \
+    --data "$1" \
+    $VAULT_ADDR/v1/sys/wrapping/wrap | jq 
\ No newline at end of file