feat: working infra with sso

2025-12-04 12:49:43 +02:00
parent 67de982754
commit 7e54ee9099
13 changed files with 329 additions and 222 deletions
--- a/infra/scripts/init-vault.sh
+++ b/infra/scripts/init-vault.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+set -e
+
+# Load environment variables
+source infra/environments/production/.env
+
+VAULT_ADDR="http://127.0.0.1:8200"
+CONTAINER_NAME="apa-vault"
+KEYS_FILE="infra/environments/production/.vault-keys"
+
+echo "Checking Vault status..."
+
+# Helper function to run vault commands inside docker
+vault_cmd() {
+    docker exec -i -e VAULT_ADDR=$VAULT_ADDR $CONTAINER_NAME vault "$@"
+}
+
+# Check if Vault is initialized
+if vault_cmd status -format=json | grep -q '"initialized": true'; then
+    echo "Vault is already initialized."
+else
+    echo "Vault is NOT initialized. Initializing..."
+    INIT_OUTPUT=$(vault_cmd operator init -key-shares=1 -key-threshold=1 -format=json)
+
+    echo "$INIT_OUTPUT" > "$KEYS_FILE"
+    chmod 600 "$KEYS_FILE"
+
+    echo "Vault initialized! Keys saved to $KEYS_FILE"
+    echo "WARNING: BACK UP THIS FILE SECURELY!"
+fi
+
+# Read keys
+# Extract first key from the array (assuming 1 key share)
+UNSEAL_KEY=$(grep -A 1 '"unseal_keys_b64":' "$KEYS_FILE" | tail -n 1 | cut -d'"' -f2)
+ROOT_TOKEN=$(grep '"root_token":' "$KEYS_FILE" | cut -d'"' -f4)
+
+# Unseal
+echo "Unsealing Vault..."
+vault_cmd operator unseal "$UNSEAL_KEY"
+
+echo "Vault is Unsealed!"
+echo "Root Token: $ROOT_TOKEN"
+
+# Export Root Token for setup script
+export VAULT_TOKEN=$ROOT_TOKEN