Add vautlDIFF.sh
This commit is contained in:
		
							
								
								
									
										37
									
								
								vautlDIFF.sh
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
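--- a/vautlDIFF.sh
+++ b/vautlDIFF.sh
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+# Compare a KV secret between two Vault clusters (works for KV v1 and v2)
+# Usage: ./vault-secret-diff.sh secret/path
+
+set -euo pipefail
+
+# --- Vault cluster configuration ---
+VAULT_ADDR_1="https://vault-cluster1.example.com"
+VAULT_TOKEN_1="token_for_cluster1"
+
+VAULT_ADDR_2="https://vault-cluster2.example.com"
+VAULT_TOKEN_2="token_for_cluster2"
+
+if [ $# -ne 1 ]; then
+    echo "Usage: $0 secret/path"
+    exit 1
+fi
+
+SECRET_PATH="$1"
+
+# --- Get secret from both clusters ---
+VAULT_ADDR="$VAULT_ADDR_1" VAULT_TOKEN="$VAULT_TOKEN_1" \
+    vault kv get -format=json "$SECRET_PATH" > /tmp/vault1.json
+
+VAULT_ADDR="$VAULT_ADDR_2" VAULT_TOKEN="$VAULT_TOKEN_2" \
+    vault kv get -format=json "$SECRET_PATH" > /tmp/vault2.json
+
+# --- Normalize JSON for reliable diff ---
+jq -S . /tmp/vault1.json > /tmp/vault1_sorted.json
+jq -S . /tmp/vault2.json > /tmp/vault2_sorted.json
+
+# --- Compare ---
+if diff -u /tmp/vault1_sorted.json /tmp/vault2_sorted.json; then
+    echo "Secrets match"
+else
+    echo "Secrets differ"
+fi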
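Review bot: The secret payloads fetched from both clusters are written to fixed, predictable paths (`/tmp/vault1.json`, `/tmp/vault2.json` and the `_sorted` variants), are never removed, and are created with whatever umask the caller has, so secret material outlives the run and a pre-existing file or symlink at those names is silently followed; use `mktemp -d` with an `EXIT` trap, or avoid files entirely with process substitution. The tokens are also assigned as literals in the script (`VAULT_TOKEN_1="token_for_cluster1"`), which invites committing real credentials; read them from the environment with `: "${VAULT_TOKEN_1:?set VAULT_TOKEN_1}"` instead. Separately, `vault kv get -format=json` carries per-request fields such as `request_id` (and, for KV v2, `.data.metadata` with version and timestamps) that differ between clusters even when the secret is identical, so `jq -S .` leaves the comparison reporting "Secrets differ" every time; select the secret body before sorting, e.g. `jq -S '.data.data // .data'`. Finally, `diff -u` prints the secret values themselves to the terminal; `cmp -s` reports only match/mismatch.
```shell
# … unchanged: header, set -euo pipefail, argument check, SECRET_PATH …

# Tokens come from the environment so they never land in the repo.
: "${VAULT_TOKEN_1:?set VAULT_TOKEN_1}"
: "${VAULT_TOKEN_2:?set VAULT_TOKEN_2}"

# Private scratch dir, removed on every exit path; no predictable /tmp names.
workdir=$(mktemp -d) || exit 1
trap 'rm -rf -- "$workdir"' EXIT

# Keep only the secret body: .data.data for KV v2, .data for KV v1.
# This drops request_id / lease fields and v2 metadata that differ per cluster.
VAULT_ADDR="$VAULT_ADDR_1" VAULT_TOKEN="$VAULT_TOKEN_1" \
    vault kv get -format=json "$SECRET_PATH" | jq -S '.data.data // .data' > "$workdir/vault1.json"
VAULT_ADDR="$VAULT_ADDR_2" VAULT_TOKEN="$VAULT_TOKEN_2" \
    vault kv get -format=json "$SECRET_PATH" | jq -S '.data.data // .data' > "$workdir/vault2.json"

# Report match/mismatch only; diff -u would print the secret values.
if cmp -s "$workdir/vault1.json" "$workdir/vault2.json"; then
    echo "Secrets match"
else
    echo "Secrets differ"
fi
```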