Tobias Wüst
32eca6b923
initial commit of the converted role from helm charts for qubernetis to compose ansible role
20 lines
816 B
Bash
Executable file
20 lines
816 B
Bash
Executable file
#!/usr/bin/env bash
|
|
# Bootstrap the OpenBao entry for ess_pro_compose.
|
|
# Only stores the registry credentials and the OIDC client secret —
|
|
# the rest of the cryptographic material is generated by the role locally
|
|
# on first deploy (and persists in {{ ess_compose_secrets_dir }} on the host).
|
|
|
|
set -euo pipefail
|
|
MOUNT="${MOUNT:-kv}"
|
|
PATH_="${PATH_:-digitalboard/ess-compose}"
|
|
|
|
read -p "Element registry username (from customer.element.io): " REG_USER
|
|
read -sp "Element registry token: " REG_TOKEN; echo
|
|
read -sp "Authentik OIDC client_secret for ess-mas: " OIDC_SECRET; echo
|
|
|
|
bao kv put "${MOUNT}/${PATH_}" \
|
|
registry_username="${REG_USER}" \
|
|
registry_token="${REG_TOKEN}" \
|
|
oidc_client_secret="${OIDC_SECRET}"
|
|
|
|
echo "Done. Verify: bao kv get ${MOUNT}/${PATH_}"
|