Add vautlDIFF.sh

2025-08-11 15:01:55 +02:00
commit 467847f224
1 changed files with 37 additions and 0 deletions
--- a/vautlDIFF.sh
+++ b/vautlDIFF.sh
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+# Compare a KV secret between two Vault clusters (works for KV v1 and v2)
+# Usage: ./vault-secret-diff.sh secret/path
+
+set -euo pipefail
+
+# --- Vault cluster configuration ---
+VAULT_ADDR_1="https://vault-cluster1.example.com"
+VAULT_TOKEN_1="token_for_cluster1"
+
+VAULT_ADDR_2="https://vault-cluster2.example.com"
+VAULT_TOKEN_2="token_for_cluster2"
+
+if [ $# -ne 1 ]; then
+    echo "Usage: $0 secret/path"
+    exit 1
+fi
+
+SECRET_PATH="$1"
+
+# --- Get secret from both clusters ---
+VAULT_ADDR="$VAULT_ADDR_1" VAULT_TOKEN="$VAULT_TOKEN_1" \
+    vault kv get -format=json "$SECRET_PATH" > /tmp/vault1.json
+
+VAULT_ADDR="$VAULT_ADDR_2" VAULT_TOKEN="$VAULT_TOKEN_2" \
+    vault kv get -format=json "$SECRET_PATH" > /tmp/vault2.json
+
+# --- Normalize JSON for reliable diff ---
+jq -S . /tmp/vault1.json > /tmp/vault1_sorted.json
+jq -S . /tmp/vault2.json > /tmp/vault2_sorted.json
+
+# --- Compare ---
+if diff -u /tmp/vault1_sorted.json /tmp/vault2_sorted.json; then
+    echo "Secrets match"
+else
+    echo "Secrets differ"
+fi