- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
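#!/bin/bash
# Provision Admin Vault for Sankofa Admin Portal
# Creates the admin vault; secret migration is a separate follow-up step.

set -euo pipefail

# Configuration (every value can be overridden from the environment)
# NOTE(review): the default address is plain http, so the X-Vault-Token header
# and any payload cross the network unencrypted. Point VAULT_ADDR at a TLS
# listener (https://) wherever one is available.
VAULT_ADDR="${VAULT_ADDR:-http://192.168.11.200:8200}"
# NOTE(review): falling back to VAULT_ROOT_TOKEN means provisioning can run
# with a root token; a short-lived token scoped to the admin path is the safer
# input for a script like this.
VAULT_TOKEN="${VAULT_TOKEN:-${VAULT_ROOT_TOKEN:-}}"
ADMIN_ORG_NAME="${ADMIN_ORG_NAME:-Sankofa Admin}"
ADMIN_VAULT_NAME="${ADMIN_VAULT_NAME:-sankofa-admin}"
ADMIN_LEVEL="${ADMIN_LEVEL:-super_admin}"

# Surface cleartext transport on stderr without changing the configured
# address, so existing http-only deployments keep working but are visible.
case "$VAULT_ADDR" in
  https://*) ;;
  *)
    printf '[WARN] VAULT_ADDR is not https; the Vault token will be sent unencrypted: %s\n' \
      "$VAULT_ADDR" >&2
    ;;
esac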
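# ANSI colour sequences used by the log helpers. They are stored with a
# literal backslash and only become escape bytes when the helper prints them.
# Marked readonly so nothing later in the script can silently redefine them.
readonly GREEN='\033[0;32m'
readonly BLUE='\033[0;34m'
readonly YELLOW='\033[1;33m'
readonly NC='\033[0m' # reset to the terminal's default colour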
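#######################################
# Print an informational message with a blue [INFO] tag.
# Globals:   BLUE, NC (read) - colour sequences
# Arguments: $1 - message text, printed literally
# Outputs:   one line on stdout
#######################################
log_info() {
  # %b expands the escapes in the colour constants only. The message goes
  # through %s, so backslash sequences in caller- or environment-supplied text
  # (e.g. ADMIN_ORG_NAME) are printed as-is instead of being interpreted.
  printf '%b[INFO]%b %s\n' "${BLUE}" "${NC}" "$1"
}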
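#######################################
# Print a success message with a green [SUCCESS] tag.
# Globals:   GREEN, NC (read) - colour sequences
# Arguments: $1 - message text, printed literally
# Outputs:   one line on stdout
#######################################
log_success() {
  # Only the colour constants are escape-expanded (%b). The message is passed
  # through %s so backslash sequences inside it are not interpreted.
  printf '%b[SUCCESS]%b %s\n' "${GREEN}" "${NC}" "$1"
}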
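#######################################
# Print a warning message with a yellow [WARN] tag.
# Globals:   YELLOW, NC (read) - colour sequences
# Arguments: $1 - message text, printed literally
# Outputs:   one line on stdout (kept on stdout to match existing callers)
#######################################
log_warn() {
  # Only the colour constants are escape-expanded (%b). The message is passed
  # through %s so backslash sequences inside it are not interpreted.
  printf '%b[WARN]%b %s\n' "${YELLOW}" "${NC}" "$1"
}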
# Prerequisite: a Vault token must have been supplied through the environment.
# Without one every request would be rejected, so stop before doing anything.
[[ -n "${VAULT_TOKEN}" ]] || {
  log_warn "VAULT_TOKEN not set. Please set it before running."
  exit 1
}
# Announce the effective settings before anything is written to Vault.
log_info "=== Provisioning Admin Vault ==="
log_info "Organization: ${ADMIN_ORG_NAME}"
log_info "Vault Name: ${ADMIN_VAULT_NAME}"
log_info "Admin Level: ${ADMIN_LEVEL}"
printf '\n'
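# Prefer the TypeScript provisioner when node and the script are both present;
# otherwise fall back to a direct write against the Vault HTTP API.
# NOTE(review): the script path is relative, so the first branch is only taken
# when this file is run from the directory that contains dbis_core/.
if command -v node &> /dev/null && [ -f "dbis_core/scripts/provision-admin-vault.ts" ]; then
  log_info "Using TypeScript provisioning script..."
  # The child process reads the Vault address and token from its environment.
  export VAULT_TOKEN
  export VAULT_ADDR
  # NOTE(review): npx fetches tsx from the package registry when it is not
  # installed locally, and that code then runs with VAULT_TOKEN in its
  # environment. Pin tsx in dbis_core's package manifest and lockfile.
  # The subshell leaves the caller's working directory untouched on any exit.
  (
    cd dbis_core || exit 1
    npx tsx scripts/provision-admin-vault.ts \
      --org "$ADMIN_ORG_NAME" \
      --name "$ADMIN_VAULT_NAME" \
      --level "$ADMIN_LEVEL"
  )
else
  log_warn "TypeScript script not available. Using direct Vault API calls..."

  # ADMIN_VAULT_NAME becomes one segment of the request URL. Restrict it to a
  # conservative character set: '/', '?', '#', '%' or whitespace in the value
  # would point the write at a different Vault path than the one logged.
  vault_name_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
  if [[ ! "$ADMIN_VAULT_NAME" =~ $vault_name_re ]]; then
    log_warn "ADMIN_VAULT_NAME may only contain letters, digits, '.', '_' and '-'."
    exit 1
  fi

  # Direct Vault API provisioning
  # Slugify the organization name: lower-case, anything outside a-z0-9 becomes
  # '-', runs of '-' collapse, and the result is capped at 32 characters.
  ORG_ID=$(printf '%s\n' "$ADMIN_ORG_NAME" \
    | tr '[:upper:]' '[:lower:]' \
    | sed -e 's/[^a-z0-9]/-/g' -e 's/--*/-/g' \
    | cut -c1-32)
  if [[ -z "$ORG_ID" ]]; then
    log_warn "ADMIN_ORG_NAME produced an empty organization id."
    exit 1
  fi
  VAULT_PATH="secret/data/admin/${ORG_ID}/${ADMIN_VAULT_NAME}"

  log_info "Creating admin vault at: $VAULT_PATH"

  # Create initial structure. The only interpolated value is the UTC timestamp.
  payload=$(printf '{"data":{"initialized":true,"adminVault":true,"createdAt":"%s"}}' \
    "$(date -u +%Y-%m-%dT%H:%M:%SZ)")

  # The token header is supplied on stdin (-H @-, curl 7.55.0 or newer) so it
  # does not appear in curl's argument list, where other local users could read
  # it from the process table. --fail turns an HTTP error status into a
  # non-zero exit, so a rejected write is no longer reported as success.
  if ! printf 'X-Vault-Token: %s\n' "$VAULT_TOKEN" \
    | curl --fail --silent --show-error -X POST \
      -H @- \
      -H "Content-Type: application/json" \
      -d "$payload" \
      "$VAULT_ADDR/v1/$VAULT_PATH" > /dev/null; then
    log_warn "Vault write failed for: $VAULT_PATH"
    exit 1
  fi

  log_success "Admin vault created at: $VAULT_PATH"
fi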
# Closing hint: list the manual follow-up actions for the operator.
printf '\n'
log_info "Next steps:"
for next_step in \
  "1. Run migration script: ./scripts/migrate-secrets-to-admin-vault.sh" \
  "2. Store credentials securely" \
  "3. Update applications to use admin vault"; do
  log_info "$next_step"
done