unseal-vault/cmd/main.go

71 lines
1.6 KiB
Go
Raw Normal View History

2022-10-08 19:23:53 +00:00
package main
import(
consulapi "github.com/hashicorp/consul/api"
"fmt"
"os"
vaultapi "github.com/hashicorp/vault/api"
)
func main() {
var key string
consulClient,err := consulapi.NewClient(&consulapi.Config{Address: "consul.service.consul:8500"})
if err!= nil {
fmt.Println(err.Error())
os.Exit(1)
}
services:=searchService("vault",consulClient)
for _, element :=range services {
url:=fmt.Sprint("http://",element.ServiceAddress, ":", element.ServicePort)
vaultClient, err:=vaultapi.NewClient(&vaultapi.Config{Address: url})
if err!= nil {
fmt.Println(err.Error())
os.Exit(1)
}
if vaultisseal(vaultClient){
fmt.Println(url + "is sealed")
if key == "" {
fmt.Print("enter your key: ")
fmt.Scan(&key)
}
status,err:=vaultunseal(vaultClient,key)
if err != nil {
fmt.Println(err.Error())
}
if status.Sealed == false {
fmt.Println("unseal success")
}
}else{
fmt.Println(url + " not sealed")
}
}
}
func searchService(name string,consul *consulapi.Client) []*consulapi.CatalogService{
catalog:= consul.Catalog()
q := &consulapi.QueryOptions{}
services, _, _ := catalog.Service(name,"",q)
return services
}
func vaultisseal (vaultClient *vaultapi.Client) (bool){
sys:=vaultClient.Sys()
health,err:= sys.Health()
if err != nil {
fmt.Println(err.Error())
return false
}
return health.Sealed
}
func vaultunseal (vaultClient *vaultapi.Client,key string) (*vaultapi.SealStatusResponse,error){
sys:=vaultClient.Sys()
status,err := sys.Unseal(key)
return status,err
}