-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathimport-secrets.rb
38 lines (34 loc) · 1.31 KB
/
import-secrets.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
require 'yaml'
require 'json'
input_filename, map_filename, new_keyvault_name = ARGV.first(3)
puts "Input filename is #{input_filename}"
puts "Map filename is #{map_filename}"
puts "New keyvault name is #{new_keyvault_name}"
map = YAML.load_file(map_filename)
yaml = YAML.load_file(input_filename)
key_vaults = []
yaml['env'].each_pair do |key, value|
if value.to_s =~ /<azure-secret:(.*)>/
result_json = `az keyvault secret show --name #{Regexp.last_match(1)} --subscription 58a2ce36-4e09-467b-8330-d164aa559c68 --vault-name f74dd7b303a6devops`
result = JSON.parse(result_json)
new_key = map['env'][key]
value = result['value']
if new_key
cmd = "az keyvault secret set --name #{new_key} --subscription 1c4f0704-a29e-403d-b719-b90c34ef14c9 --vault-name #{new_keyvault_name} --value \"#{value}\""
result_json = `#{cmd}`
result = JSON.parse(result_json)
if result['name'] != new_key || result['value'] != value
raise "Error writing secret #{new_key} to key vault #{new_keyvault_id}"
end
key_vaults << " - name: #{new_key}\n alias: #{key}"
end
elsif value.is_a?(String)
puts " #{key}: \"#{value}\""
else
puts " #{key}: #{value}"
end
end
puts " keyVaults:\n et-pet:\n secrets:"
key_vaults.each do |key_vault|
puts key_vault
end