I am trying to build a script that will initialize Vault, then if not initialized, it will create keys, save them on GCP Secret Manager, via GCE instance bootstrap script. It is failing at the beginning of the if statement with this error: `startup-script exit status 2`. This is my script:
```
#### Initialize Vault - Token in Clear txt ####
export VAULT_ADDR="http://127.0.0.1:8200"
export VAULT_SKIP_VERIFY=true
until curl -fs -o /dev/null localhost:8200/v1/sys/init; do
  echo "Waiting for Vault to start..."
  sleep 1
done
init=$(vault operator init -status)
if [ "$init" != "Vault is initialized" ]; then
  echo "Initializing Vault"
  install -d -m 0755 -o vault -g vault /etc/vault
  SECRET_VALUE=$(vault operator init -recovery-shares=1 -recovery-threshold=1 | tee /etc/vault/vault-init.txt)
  echo "Storing vault init values in secrets manager"
  gcloud secrets create vault-secrets --replication-policy="automatic"
  echo -n "$${SECRET_VALUE}" | gcloud secrets versions add vault-secrets --data-file=-
else
  echo "Vault is already initialized"
  exit 0
fi
```
This is a snippet of the syslog:
```
Mar 11 14:50:45 private-mesh-vault-cluster-rlnq startup-script: + init='Vault is not initialized'
Mar 11 14:50:45 private-mesh-vault-cluster-rlnq google_metadata_script_runner[524]: startup-script exit status 2
```
What is wrong with my script?
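An added example, not part of the original question: `vault operator init -status` reports its result through its exit status (0 initialized, 2 not initialized, 1 error), so a script running under `set -e` stops at that line when Vault is uninitialized. The script below branches on the status and sends the init output to Secret Manager without a clear-text file; the `set -e` assumption, the function names and the `--run` switch are this example's own.

```shell
#!/usr/bin/env bash
# Added example, not the poster's script. Assumption: the startup script runs
# with `set -e`, so any non-zero exit status aborts it.
set -eu

# `vault operator init -status` exits 0 when initialized, 2 when not
# initialized and 1 on error. `|| rc=$?` records the status without
# tripping `set -e`.
vault_init_state() {
  local rc=0
  vault operator init -status >/dev/null 2>&1 || rc=$?
  case "$rc" in
    0) echo "initialized" ;;
    2) echo "uninitialized" ;;
    *) echo "error" ;;
  esac
}

# Initialize only when Vault reports "not initialized". The init output is
# held in a variable and piped to Secret Manager, never written to disk.
init_and_store() {
  local name="$1" out
  case "$(vault_init_state)" in
    initialized)
      echo "Vault is already initialized" ;;
    uninitialized)
      echo "Initializing Vault"
      out=$(vault operator init -recovery-shares=1 -recovery-threshold=1)
      echo "Storing vault init values in secrets manager"
      gcloud secrets describe "$name" >/dev/null 2>&1 ||
        gcloud secrets create "$name" --replication-policy="automatic"
      printf '%s' "$out" | gcloud secrets versions add "$name" --data-file=-
      ;;
    *)
      echo "Cannot determine Vault init status" >&2
      return 1 ;;
  esac
}

# Hypothetical entry point for this example: pass --run to execute.
if [ "${1:-}" = "--run" ]; then
  init_and_store "vault-secrets"
fi
```

Treating exit status 1 as a hard failure keeps the script from initializing or overwriting anything when Vault's state is unknown.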