A Kubernetes operator that bridges Hardware Security Module (HSM) data storage with Kubernetes Secrets, providing true secret portability th
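#!/bin/bash

# Direct API import examples for HSM secrets
# Demonstrates various import patterns
#
# Every example in this script POSTs secret material to $API_BASE_URL, and
# the only header the curl calls set is Content-Type: no token or client
# certificate is sent. Access control therefore has to be enforced in front
# of the API.
# NOTE(review): confirm how the endpoint is authenticated in your deployment.

# Base URL of the HSM secrets API; override it through the environment.
API_BASE_URL=${API_BASE_URL:-"http://localhost:8090"}

# The default is plain HTTP on loopback. Pointing the script at any other
# http:// host would send secrets and private keys in cleartext, so say so
# on stderr instead of proceeding silently.
case "$API_BASE_URL" in
  https://* | http://localhost | http://localhost[:/]* | http://127.0.0.1 | http://127.0.0.1[:/]*) ;;
  *)
    echo "⚠️ API_BASE_URL is neither HTTPS nor loopback; secrets will be sent unencrypted" >&2
    ;;
esac

echo "🚀 Direct API Import Examples"
echo "=============================="
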
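# Example 1: Import from environment variables
#
# The payload is built with jq rather than by splicing ${VAR} into a quoted
# JSON string. With the spliced form a value containing a space splits the
# -d argument, and a value containing a double quote or backslash changes
# the structure of the JSON document that reaches the API. jq --arg always
# emits the value as one correctly escaped JSON string.
echo ""
echo "📋 Example 1: Import from Environment Variables"
jq -n \
  --arg node_env "${NODE_ENV:-development}" \
  --arg log_level "${LOG_LEVEL:-info}" \
  --arg port "${PORT:-3000}" \
  '{
    label: "env-config",
    id: 3001,
    format: "json",
    description: "Application configuration from environment",
    tags: {source: "environment", type: "config"},
    data: {NODE_ENV: $node_env, LOG_LEVEL: $log_level, PORT: $port}
  }' |
  curl -X POST "$API_BASE_URL/api/v1/hsm/secrets" \
    -H "Content-Type: application/json" \
    --data-binary @-

echo ""
echo ""
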
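# Example 2: Import TLS certificates
#
# The PEM values below are truncated placeholders. The body is fed to curl
# on stdin (--data-binary @-) from a quoted here-document, so that when a
# real private key is substituted it never appears on curl's command line,
# where it would be visible in the process list. The quoted 'EOF' delimiter
# disables shell expansion, which keeps the \n escapes literal for the JSON
# parser on the server side.
echo "📋 Example 2: Import TLS Certificate Bundle"
curl -X POST "$API_BASE_URL/api/v1/hsm/secrets" \
  -H "Content-Type: application/json" \
  --data-binary @- <<'EOF'
{
  "label": "app-tls-bundle",
  "id": 3002,
  "format": "text",
  "description": "Application TLS certificate bundle",
  "tags": {
    "type": "tls",
    "app": "web-server"
  },
  "data": {
    "server.crt": "-----BEGIN CERTIFICATE-----\nMIIDXTCCAkWgAwIBAgIJAK...\n-----END CERTIFICATE-----",
    "server.key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG...\n-----END PRIVATE KEY-----",
    "ca-bundle.crt": "-----BEGIN CERTIFICATE-----\nMIIDSjCCAjKgAwIBAgIQ...\n-----END CERTIFICATE-----"
  }
}
EOF

echo ""
echo ""
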
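# Example 3: Import database connection strings
#
# Each role gets its own id (3003, 3004, 3005). Deriving the id from the
# length of the role name gives "primary" and "replica" the same value,
# because both names are seven characters long, so the two imports would
# target the same id.
#
# The password and connection string are placeholder literals derived from
# the role name; real credentials should be read from a protected source at
# run time rather than written into the script.
echo "📋 Example 3: Import Database Connections"
db_roles=(primary replica analytics)
for i in "${!db_roles[@]}"; do
  db="${db_roles[$i]}"
  echo "Importing $db database connection..."
  # jq builds the document so the role name is always a properly escaped
  # JSON string; curl reads the body from stdin instead of from argv.
  jq -n \
    --arg db "$db" \
    --argjson id "$((3003 + i))" \
    '{
      label: "db-\($db)",
      id: $id,
      format: "json",
      description: "\($db) database connection details",
      tags: {type: "database", role: $db},
      data: {
        host: "\($db).db.internal",
        port: "5432",
        database: "app_\($db)",
        username: "app_user",
        password: "secure_\($db)_password",
        connection_string: "postgresql://app_user:secure_\($db)_password@\($db).db.internal:5432/app_\($db)"
      }
    }' |
    curl -X POST "$API_BASE_URL/api/v1/hsm/secrets" \
      -H "Content-Type: application/json" \
      --data-binary @-
  echo ""
done

echo ""
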
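# Example 4: Import API keys from CSV-like data
#
# api_services and api_keys are parallel arrays: entry N of one belongs to
# entry N of the other. The key values are samples; in real use load them
# from a protected source instead of hard-coding them in the script.
echo "📋 Example 4: Import Multiple API Keys"
api_services=("stripe" "sendgrid" "aws" "github")
api_keys=("sk_live_example123" "SG.example456" "AKIA1234567890" "ghp_example789")

for i in "${!api_services[@]}"; do
  service="${api_services[$i]}"
  key="${api_keys[$i]}"

  echo "Importing $service API key..."
  # The key reaches jq through its environment and reaches curl on stdin,
  # so it is never part of a command line; command-line arguments are
  # typically readable by other local users through the process list.
  # jq also escapes the value, so a key containing a quote or backslash
  # cannot alter the JSON structure.
  API_KEY="$key" jq -n \
    --arg service "$service" \
    --argjson id "$((3100 + i))" \
    '{
      label: "\($service)-api-key",
      id: $id,
      format: "text",
      description: "\($service) API authentication key",
      tags: {type: "api-key", service: $service},
      data: {api_key: env.API_KEY}
    }' |
    curl -X POST "$API_BASE_URL/api/v1/hsm/secrets" \
      -H "Content-Type: application/json" \
      --data-binary @-
  echo ""
done

echo ""
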
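# Example 5: Import from file content
#
# /tmp is writable by every local user and this path is fixed, so another
# account could place a file or symlink here before the script runs and have
# its content (or a file the invoking user can read) imported as a secret.
# The import therefore only proceeds for a regular, non-symlink file owned
# by the invoking user. A small window remains between the checks and the
# read; a private directory (mktemp -d, mode 0700) avoids it entirely.
echo "📋 Example 5: Import from File (if exists)"
secret_file="/tmp/secret-file.txt"
if [ ! -f "$secret_file" ]; then
  echo "⚠️ /tmp/secret-file.txt not found, skipping file import example"
elif [ -L "$secret_file" ] || [ ! -O "$secret_file" ]; then
  echo "⚠️ $secret_file is a symlink or not owned by the current user, skipping file import example" >&2
else
  # base64 -> jq -> curl is one pipeline: the encoded content is wrapped
  # into the JSON document by jq (-R raw input, -s whole input as a single
  # string) and read by curl from stdin, so it never lands in a shell
  # variable or on a command line.
  base64 -w 0 < "$secret_file" |
    jq -Rs '{
      label: "file-based-secret",
      id: 3200,
      format: "binary",
      description: "Secret imported from file",
      tags: {source: "file", encoding: "base64"},
      data: {content: .}
    }' |
    curl -X POST "$API_BASE_URL/api/v1/hsm/secrets" \
      -H "Content-Type: application/json" \
      --data-binary @-
fi

echo ""
echo ""
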
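# Example 6: Batch import with error handling
#
# Each array element is posted on its own and the outcome is reported per
# secret: a transport failure, a response that is not the expected JSON, and
# an API-level error each produce a "Failed" line instead of a blank one.
echo "📋 Example 6: Batch Import with Error Handling"
secrets_to_import='[
  {
    "label": "batch-secret-1",
    "id": 3301,
    "format": "json",
    "data": {"key": "value1"}
  },
  {
    "label": "batch-secret-2",
    "id": 3302,
    "format": "json",
    "data": {"key": "value2"}
  },
  {
    "label": "batch-secret-3",
    "id": 3303,
    "format": "json",
    "data": {"key": "value3"}
  }
]'

echo "$secrets_to_import" | jq -c '.[]' | while IFS= read -r secret; do
  label=$(echo "$secret" | jq -r '.label')
  echo "Importing: $label"

  # The body goes to curl on stdin so the secret is not part of curl's
  # command line. -sS keeps the progress meter off but still prints curl's
  # own error text when the request cannot be made.
  if ! response=$(printf '%s' "$secret" |
    curl -sS -X POST "$API_BASE_URL/api/v1/hsm/secrets" \
      -H "Content-Type: application/json" \
      --data-binary @-); then
    echo " ❌ Failed: request did not complete"
    continue
  fi

  # jq's stderr is silenced on purpose: a non-JSON response is reported
  # below as a failure rather than as a parser error.
  success=$(echo "$response" | jq -r '.success' 2>/dev/null)
  if [ "$success" = "true" ]; then
    echo " ✅ Success"
  else
    error_msg=$(echo "$response" | jq -r '.error.message // "Unknown error"' 2>/dev/null)
    echo " ❌ Failed: ${error_msg:-Unknown error}"
  fi
done

echo ""
echo ""
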
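# Example 7: Import with validation
echo "📋 Example 7: Import with Pre-validation"

#######################################
# Import a secret only if no secret with that label exists yet and the
# payload parses as JSON.
# Globals:   API_BASE_URL (read)
# Arguments: $1 - label to look up before importing
#            $2 - JSON document to POST as the new secret
# Outputs:   progress and error messages on stdout
# Returns:   0 when the API reports success; 1 when the secret already
#            exists, the payload is not valid JSON, or the import fails
#######################################
validate_and_import() {
  local label="$1"
  local secret_data="$2"
  # Declared local so repeated calls do not read values left behind by a
  # previous call or by the batch loop earlier in the script.
  local encoded_label existing exists response success error_msg

  # Percent-encode the label before it becomes a URL path segment, so that
  # '/', '?', '#' or spaces in it cannot change which resource is queried.
  encoded_label=$(jq -rn --arg v "$label" '$v | @uri')

  # Check if secret already exists.
  # This lookup and the POST below are two separate requests, so another
  # client can create the same label in between; the lookup is a courtesy
  # check, and uniqueness has to be enforced by the API itself.
  existing=$(curl -s "$API_BASE_URL/api/v1/hsm/secrets/$encoded_label")
  exists=$(echo "$existing" | jq -r '.success' 2>/dev/null)

  if [ "$exists" = "true" ]; then
    echo "⚠️ Secret '$label' already exists, skipping..."
    return 1
  fi

  # Validate JSON structure
  if ! echo "$secret_data" | jq empty 2>/dev/null; then
    echo "❌ Invalid JSON for secret '$label'"
    return 1
  fi

  # Import the secret; the body is passed on stdin so it does not appear on
  # curl's command line.
  echo "Creating new secret: $label"
  response=$(printf '%s' "$secret_data" |
    curl -s -X POST "$API_BASE_URL/api/v1/hsm/secrets" \
      -H "Content-Type: application/json" \
      --data-binary @-)

  success=$(echo "$response" | jq -r '.success' 2>/dev/null)
  if [ "$success" = "true" ]; then
    echo " ✅ Imported successfully"
    return 0
  else
    error_msg=$(echo "$response" | jq -r '.error.message // "Unknown error"' 2>/dev/null)
    echo " ❌ Import failed: ${error_msg:-Unknown error}"
    return 1
  fi
}
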
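# Test the validation function
# The payload is assembled by jq so the timestamp is inserted as an escaped
# JSON string, instead of relying on an unquoted command substitution
# spliced between two single-quoted fragments.
validated_payload=$(jq -n --arg ts "$(date -Iseconds)" '{
  label: "validated-secret",
  id: 3400,
  format: "json",
  description: "A secret imported with validation",
  data: {validated: true, timestamp: $ts}
}')
validate_and_import "validated-secret" "$validated_payload"

echo ""
echo "🎉 All import examples completed!"
echo ""
echo "To verify imports:"
echo " curl $API_BASE_URL/api/v1/hsm/secrets"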