GitLab

4ce72fa9
by Fernando Monteiro Kiotheka at 2025-08-13T10:37:03-03:00
```
feat: upgrade to new bao config
```

@@ -3,32 +3,6 @@ stages:
  retrieve-key:
    stage : setup
 -  script:
 -    - |
+-
 -      ssh-keygen -t ed25519 -f key -N '' -q <<<y > /dev/null 2>&1
+-
 -      UNSIGNED_SSH_KEY=$(cat key.pub)
+-
 -      response=$(curl -X POST -H "X-Vault-Token: $CI_VAULT_TOKEN" -d "{\"public_key\": \"$UNSIGNED_SSH_KEY\"}" $CI_VAULT_ADDR/v1/$CI_VAULT_SIGNER_AUTHORITY_PATH)
 -      if [ $? -eq 0 ]; then
 -        SIGNED_KEY=$(echo $response | jq -r .data.signed_key)
 -        if [ "$SIGNED_KEY" != "null" ]; then
 -          echo $SIGNED_KEY > key-cert.pub
 -          chmod 644 key-cert.pub
 -        else
 -          echo "Failed to retrieve SSH key: SSH key is empty"
 -          exit 1
 -        fi
 -      else
 -        echo "Failed to retrieve SSH key: Request to Vault failed"
 -        exit 1
 -      fi
+-
 -      ssh -i key -o StrictHostKeyChecking=accept-new ansible@dmarc-report.c3sl.ufpr.br /home/ansible/dmarcts-report-parser/dmarcts-report-parser.pl -i
+-
 -  artifacts:
 -    paths:
 -      - key
 -      - key.pub
 -      - key-cert.pub
 +  script: |-
 +    sh get-key-from-bao.sh
 +    ssh -i key -o StrictHostKeyChecking=accept-new root@dmarc-report.c3sl.ufpr.br /home/ansible/dmarcts-report-parser/dmarcts-report-parser.pl -i

 +#!/bin/sh
 +response=$(curl --no-progress-meter --request POST \
 +    --header "X-Vault-Token: $VAULT_TOKEN" --data '{"key_type": "ed25519"}' \
 +    "$VAULT_ADDR/v1/ssh-client-signer/issue/ansible") \
 +  || { echo "Failed to retrieve SSH key: Request to Vault failed"; exit 1; }
 +private_key=$(printf "%s" "$response" | jq --raw-output .data.private_key)
 +signed_key=$(printf "%s" "$response" | jq --raw-output .data.signed_key)
 +[ "$signed_key" != "null" ] && [ "$private_key" != "null" ] \
 +  || { echo "Failed to retrieve SSH key: SSH key is empty"; exit 1; }
 +printf "%s\n" "$private_key" >key && chmod 600 key
 +printf "%s\n" "$signed_key" >key-cert.pub && chmod 644 key-cert.pub