Add unwrap and wrap scripts for handling wrapped secrets in Vault

2026-01-18 12:01:29 +01:00
parent 691bcf2bb4
commit 74a364c8e1
2 changed files with 20 additions and 0 deletions
--- a/bin/unwrap.sh
+++ b/bin/unwrap.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+# Usage: ./unwrap.sh <VAULT_TOKEN>
+# This script unwraps a wrapped secret in HashiCorp Vault using the provided token.
+
+curl -s -X PUT \
+	-H "X-Vault-Token: $1" \
+	-H "X-Vault-Request: true" \
+	-d 'null' \
+	https://vault.koszewscy.waw.pl/v1/sys/wrapping/unwrap | jq '.data'
--- a/bin/wrap.sh
+++ b/bin/wrap.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+DEFAULT_TTL="60"
+ 
+curl \
+    --header "X-Vault-Token: $VAULT_TOKEN" \
+    --header "X-Vault-Wrap-TTL: $DEFAULT_TTL" \
+    --request POST \
+    --data "$1" \
+    $VAULT_ADDR/v1/sys/wrapping/wrap | jq