[Git][root/dmarc-report][main] feat: upgrade to new bao config

Fernando K pushed to branch main at Root / DMARC Report Commits: 4ce72fa9 by Fernando Monteiro Kiotheka at 2025-08-13T10:37:03-03:00 feat: upgrade to new bao config - - - - - 2 changed files: - .gitlab-ci.yml - + get-key-from-bao.sh Changes: ===================================== .gitlab-ci.yml ===================================== @@ -3,32 +3,6 @@ stages: retrieve-key: stage : setup - script: - - | - - ssh-keygen -t ed25519 -f key -N '' -q <<<y > /dev/null 2>&1 - - UNSIGNED_SSH_KEY=$(cat key.pub) - - response=$(curl -X POST -H "X-Vault-Token: $CI_VAULT_TOKEN" -d "{\"public_key\": \"$UNSIGNED_SSH_KEY\"}" $CI_VAULT_ADDR/v1/$CI_VAULT_SIGNER_AUTHORITY_PATH) - if [ $? -eq 0 ]; then - SIGNED_KEY=$(echo $response | jq -r .data.signed_key) - if [ "$SIGNED_KEY" != "null" ]; then - echo $SIGNED_KEY > key-cert.pub - chmod 644 key-cert.pub - else - echo "Failed to retrieve SSH key: SSH key is empty" - exit 1 - fi - else - echo "Failed to retrieve SSH key: Request to Vault failed" - exit 1 - fi - - ssh -i key -o StrictHostKeyChecking=accept-new ansible@dmarc-report.c3sl.ufpr.br /home/ansible/dmarcts-report-parser/dmarcts-report-parser.pl -i - - artifacts: - paths: - - key - - key.pub - - key-cert.pub + script: |- + sh get-key-from-bao.sh + ssh -i key -o StrictHostKeyChecking=accept-new root@dmarc-report.c3sl.ufpr.br /home/ansible/dmarcts-report-parser/dmarcts-report-parser.pl -i ===================================== get-key-from-bao.sh ===================================== 
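Review bot: The new `ssh` line in the `retrieve-key` script of .gitlab-ci.yml keeps `StrictHostKeyChecking=accept-new` while the login moves from `ansible` to `root`. On a runner that starts without a known_hosts entry (inferred; the runner setup is not visible in this commit), accept-new trusts whatever host key is presented on first contact, so the job logs in as root to a host whose identity was never checked. Pin the host key instead: write a `known_hosts` file from a protected CI variable and call `ssh -i key -o StrictHostKeyChecking=yes -o UserKnownHostsFile=known_hosts root@dmarc-report.c3sl.ufpr.br …`. A short comment on why root is now required would also help, since the parser being run still lives under /home/ansible.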
@@ -0,0 +1,11 @@
+#!/bin/sh
+response=$(curl --no-progress-meter --request POST \
+ --header "X-Vault-Token: $VAULT_TOKEN" --data '{"key_type": "ed25519"}' \
+ "$VAULT_ADDR/v1/ssh-client-signer/issue/ansible") \
+ || { echo "Failed to retrieve SSH key: Request to Vault failed"; exit 1; }
+private_key=$(printf "%s" "$response" | jq --raw-output .data.private_key)
+signed_key=$(printf "%s" "$response" | jq --raw-output .data.signed_key)
+[ "$signed_key" != "null" ] && [ "$private_key" != "null" ] \
+ || { echo "Failed to retrieve SSH key: SSH key is empty"; exit 1; }
+printf "%s\n" "$private_key" >key && chmod 600 key
+printf "%s\n" "$signed_key" >key-cert.pub && chmod 644 key-cert.pub
View it on GitLab: https://gitlab.c3sl.ufpr.br/root/dmarc-report/-/commit/4ce72fa9a6eda8009d823... -- View it on GitLab: https://gitlab.c3sl.ufpr.br/root/dmarc-report/-/commit/4ce72fa9a6eda8009d823... You're receiving this email because of your account on gitlab.c3sl.ufpr.br.
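Review bot: In get-key-from-bao.sh the private key is created by `>key` under the default umask and only tightened by `chmod 600` afterwards, so it may be readable by other users for a moment; put `umask 077` at the top of the script so the file is never created with wider permissions. The validation can also pass on a bad reply: curl exits 0 on an HTTP 4xx/5xx unless `--fail` is given, and if the body is not JSON, jq prints nothing, so both variables are empty strings that satisfy `!= "null"` and two empty files are written with exit status 0. Add `--fail` to the curl call and test for emptiness as well, e.g. `[ -n "$signed_key" ] && [ "$signed_key" != "null" ]` and the same for `private_key`. The two failure messages would be better sent to stderr with `>&2`.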