#!/bin/sh# Script for rotating passwords on the local machine.# Make sure and

1. #!/bin/sh
2. # Script for rotating passwords on the local machine.
3. # Make sure and store VAULT_TOKEN as an environment variable before running this.
4.  
5. USERNAME=$1
6. PASSLENGTH=$2
7. VAULTURL=$3
8. NEWPASS=$(openssl rand -base64 $PASSLENGTH)
9. JSON="{ \"data\": { \"root\": \"$NEWPASS\" } }"
10.  
11. # First commit the new password to vault
12. curl -H "X-Vault-Token: $VAULT_TOKEN" -X POST --data "$JSON" $VAULTURL/v1/secret/data/linux/$(hostname)_rootpw
13.  
14. # Then set it on the local machine
15. echo $NEWPASS | passwd root --stdin