From 467847f224ff1d53f7a3baf226e9dc040d106687 Mon Sep 17 00:00:00 2001
From: Martin Cholewa
Date: Mon, 11 Aug 2025 15:01:55 +0200
Subject: [PATCH] Add vautlDIFF.sh
---
vautlDIFF.sh | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 vautlDIFF.sh
diff --git a/vautlDIFF.sh b/vautlDIFF.sh
new file mode 100644
index 0000000..72e5359
--- /dev/null
+++ b/vautlDIFF.sh
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+# Compare a KV secret between two Vault clusters (works for KV v1 and v2)
+# Usage: ./vault-secret-diff.sh secret/path
+
+set -euo pipefail
+
+# --- Vault cluster configuration ---
+VAULT_ADDR_1="https://vault-cluster1.example.com"
+VAULT_TOKEN_1="token_for_cluster1"
+
+VAULT_ADDR_2="https://vault-cluster2.example.com"
+VAULT_TOKEN_2="token_for_cluster2"
+
+if [ $# -ne 1 ]; then
+ echo "Usage: $0 secret/path"
+ exit 1
+fi
+
+SECRET_PATH="$1"
+
+# --- Get secret from both clusters ---
+VAULT_ADDR="$VAULT_ADDR_1" VAULT_TOKEN="$VAULT_TOKEN_1" \
+ vault kv get -format=json "$SECRET_PATH" > /tmp/vault1.json
+
+VAULT_ADDR="$VAULT_ADDR_2" VAULT_TOKEN="$VAULT_TOKEN_2" \
+ vault kv get -format=json "$SECRET_PATH" > /tmp/vault2.json
+
+# --- Normalize JSON for reliable diff ---
+jq -S . /tmp/vault1.json > /tmp/vault1_sorted.json
+jq -S . /tmp/vault2.json > /tmp/vault2_sorted.json
+
+# --- Compare ---
+if diff -u /tmp/vault1_sorted.json /tmp/vault2_sorted.json; then
+ echo "Secrets match"
+else
+ echo "Secrets differ"
+fi
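Review bot: The fetch and normalize steps write the full secret payloads to fixed names under `/tmp` (`/tmp/vault1.json`, `/tmp/vault1_sorted.json` and the cluster-2 pair) and never remove them, so the plaintext stays on disk with umask-default permissions and the predictable names can be pre-created or symlinked by another local user. Keeping the files in a `mktemp -d` directory created under `umask 077` and removed by an `EXIT` trap closes that, as sketched below. The comparison should also be limited to the secret data, because the whole `vault kv get -format=json` response carries per-request fields such as `request_id`, so the script as written will most likely print "Secrets differ" on every run. Separately, `VAULT_TOKEN_1` and `VAULT_TOKEN_2` are assigned in the script body, which invites committing live tokens; requiring them from the environment avoids that. Note too that `diff -u` prints the differing secret values to stdout, so the output should not go to shared logs.

```shell
# … unchanged: shebang, set -euo pipefail, VAULT_ADDR_1/2, usage check, SECRET_PATH …

# Tokens come from the caller's environment instead of the script body.
: "${VAULT_TOKEN_1:?set VAULT_TOKEN_1 in the environment}"
: "${VAULT_TOKEN_2:?set VAULT_TOKEN_2 in the environment}"

# Private scratch directory, removed on every exit path.
umask 077
workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT

# KV v2 nests the values under .data.data; KV v1 keeps them in .data.
# (A KV v1 secret with a key literally named "data" would need explicit handling.)
VAULT_ADDR="$VAULT_ADDR_1" VAULT_TOKEN="$VAULT_TOKEN_1" \
    vault kv get -format=json "$SECRET_PATH" \
    | jq -S '.data.data // .data' > "$workdir/vault1.json"

VAULT_ADDR="$VAULT_ADDR_2" VAULT_TOKEN="$VAULT_TOKEN_2" \
    vault kv get -format=json "$SECRET_PATH" \
    | jq -S '.data.data // .data' > "$workdir/vault2.json"

if diff -u "$workdir/vault1.json" "$workdir/vault2.json"; then
# … unchanged: match / differ messages …
```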