[Git][root/services/dns][main] feat: use get-key-from-bao.sh

Fernando K pushed to branch main at Root / Serviços / DNS Commits: aa660247 by Fernando Monteiro Kiotheka at 2025-08-06T15:23:09-03:00 feat: use get-key-from-bao.sh - - - - - 2 changed files: - .gitlab-ci.yml - + get-key-from-bao.sh Changes:
===================================== .gitlab-ci.yml =====================================
@@ -3,15 +3,7 @@ stages:
 sync-dns:
 stage: deploy
 script:
- - |
- ssh-keygen -t ed25519 -f key -N '' -q >/dev/null 2>&1
- response=$(curl -X POST -H "X-Vault-Token: $CI_VAULT_TOKEN" \
- -d "{\"public_key\": \"$(cat key.pub)\"}" $CI_VAULT_ADDR/v1/$CI_VAULT_SIGNER_AUTHORITY_PATH \
- ) || { echo "Failed to retrieve SSH key: Request to Vault failed"; exit 1; }
- signed_key=$(jq -r .data.signed_key <<<"$response")
- [ "$signed_key" != "null" ] || { echo "Failed to retrieve SSH key: SSH key is empty"; exit 1; }
- echo "$signed_key" > key-cert.pub
- chmod 644 key-cert.pub
+ - bash get-key-from-bao.sh
 - chmod 755 ansible && cd ansible && ansible-playbook --private-key ../key sync_dns.yaml
 only:
 refs:
===================================== get-key-from-bao.sh =====================================
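Review bot: The new `- bash get-key-from-bao.sh` step relies on `VAULT_TOKEN` and `VAULT_ADDR` being present in the job environment, while the inline script it replaces read `CI_VAULT_TOKEN` and `CI_VAULT_ADDR`; nothing in this hunk defines or maps the new names, so unless they are set in the project's CI/CD variables (not visible here) the request would go out with an empty token. If the old names are still the configured ones, pass them explicitly, e.g. `- VAULT_TOKEN="$CI_VAULT_TOKEN" VAULT_ADDR="$CI_VAULT_ADDR" bash get-key-from-bao.sh`. Note also that the previous flow generated the key pair on the runner and sent only the public half for signing, whereas the job now receives the private key in an HTTP response, so how the script handles that response becomes the sensitive part of this job. The job definition continues outside the hunk.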
@@ -0,0 +1,12 @@
+#!/bin/sh
+response=$(curl --no-progress-meter --request POST \
+ --header "X-Vault-Token: $VAULT_TOKEN" --data '{"key_type": "ed25519"}' \
+ "$VAULT_ADDR/v1/ssh-client-signer/issue/ansible") \
+ || { echo "Failed to retrieve SSH key: Request to Vault failed"; exit 1; }
+echo $response
+private_key=$(printf "%s" "$response" | jq --raw-output .data.private_key)
+signed_key=$(printf "%s" "$response" | jq --raw-output .data.signed_key)
+[ "$signed_key" != "null" ] && [ "$private_key" != "null" ] \
+ || { echo "Failed to retrieve SSH key: SSH key is empty"; exit 1; }
+printf "%s" "$private_key" >key && chmod 600 key
+printf "%s" "$signed_key" >key-cert.pub && chmod 644 key-cert.pub
View it on GitLab: https://gitlab.c3sl.ufpr.br/root/services/dns/-/commit/aa6602472d091a5bc07a3... -- View it on GitLab: https://gitlab.c3sl.ufpr.br/root/services/dns/-/commit/aa6602472d091a5bc07a3... You're receiving this email because of your account on gitlab.c3sl.ufpr.br.
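Review bot: `echo $response` writes the whole issue response, including `.data.private_key`, to stdout, so the private key lands in the CI job log where anyone with access to the job output can read it; the line should be dropped, or replaced by a message on stderr that prints no secret fields. curl is called without `--fail`, so an HTTP error status still exits 0 and bypasses the first `||` branch, and a non-JSON body makes jq print nothing, which the `!= "null"` comparisons do not catch; adding `--fail` to the curl call and also testing `[ -n "$private_key" ] && [ -n "$signed_key" ]` would close both gaps. `key` is created under the default umask and only afterwards restricted with `chmod 600`; a `umask 077` before the two `printf` writes removes that window. The error messages on the failure paths would also be better sent to stderr with `>&2`.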