1#!/bin/sh
2
3set -e
4
5# Generate an OpenAPI document for all backends.
6#
7# Assumptions:
8#
9#   1. Vault has been checked out at an appropriate version and built
10#   2. vault executable is in your path
11#   3. Vault isn't already running
12
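echo "Starting Vault..."
if pgrep -x "vault" > /dev/null
then
    echo "Vault is already running. Aborting." >&2
    exit 1
fi

# The dev server is started with the fixed root token "root", so any local
# process can administer it for as long as it is up. It must never outlive
# this script.
vault server -dev -dev-root-token-id=root &
# Capture the PID straight away, before any other command can start a job.
VAULT_PID=$!

# Stop the dev server on every exit path. Without this, a failing command
# under `set -e` would leave a root-token Vault listening in the background.
stop_vault() {
    kill "$VAULT_PID" 2>/dev/null || true
}
trap stop_vault EXIT
# A handler that merely returns would let the script carry on after a signal;
# exiting instead routes the signal through the EXIT trap above.
trap 'exit 130' INT
trap 'exit 143' TERM

# Pin the CLI to the throwaway dev server. An inherited VAULT_ADDR or
# VAULT_TOKEN could otherwise direct the `vault ... enable` calls below at a
# different (possibly real) Vault. The values match the curl request that
# fetches the spec later in this script.
VAULT_ADDR="http://127.0.0.1:8200"
VAULT_TOKEN="root"
export VAULT_ADDR VAULT_TOKEN

# Wait until the server answers instead of trusting a fixed sleep.
# `vault status` exits 0 only when the server is reachable and unsealed.
ready_tries=0
until vault status > /dev/null 2>&1
do
    if ! kill -0 "$VAULT_PID" 2>/dev/null
    then
        echo "Vault dev server exited during startup. Aborting." >&2
        exit 1
    fi
    ready_tries=$((ready_tries + 1))
    if [ "$ready_tries" -ge 10 ]
    then
        echo "Vault dev server did not become ready. Aborting." >&2
        exit 1
    fi
    sleep 1
done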
23
echo "Mounting all builtin backends..."

# Auth methods, enabled one by one in the listed order. `set -e` still aborts
# the script on the first mount that fails.
for auth_method in \
    alicloud app-id approle aws azure centrify cert cf gcp github jwt \
    kerberos kubernetes ldap oci oidc okta radius userpass
do
    vault auth enable "$auth_method"
done

# Secrets engines, enabled one by one in the listed order.
for secrets_engine in \
    ad alicloud aws azure cassandra consul database gcp gcpkms kv mongodb \
    mongodbatlas mssql mysql nomad openldap pki postgresql rabbitmq ssh \
    terraform totp transit
do
    vault secrets enable "$secrets_engine"
done
71
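# Enable enterprise features when a license is supplied via VAULT_LICENSE.
# The script runs under /bin/sh, where `[[ ... ]]` is not guaranteed to exist,
# so use the POSIX test; `${VAULT_LICENSE:-}` also tolerates an unset variable.
if [ -n "${VAULT_LICENSE:-}" ]
then
  # Pass the license on stdin ("text=-") rather than as a command-line
  # argument, so it does not show up in the process list or in `set -x` traces.
  printf '%s' "$VAULT_LICENSE" | vault write sys/license text=-
  vault secrets enable kmip
  vault secrets enable transform
fi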
79
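# Output OpenAPI, optionally formatted (pass -p to pretty-print with jq).
#
# The spec is downloaded to a temporary file first. In a `curl | jq` pipeline
# plain sh reports only jq's exit status, so a failed request would go
# unnoticed; and without --fail an HTTP error body would be saved as if it
# were the spec.
spec_url="http://127.0.0.1:8200/v1/sys/internal/specs/openapi"
spec_tmp=$(mktemp)
rc=0

curl --fail -H "X-Vault-Token: root" -o "$spec_tmp" "$spec_url" || rc=$?

if [ "$rc" -eq 0 ]; then
  # `=` is the portable string comparison for `[`; `==` is a bashism that
  # breaks under stricter /bin/sh implementations. `${1:-}` covers the case
  # where no argument was given.
  if [ "${1:-}" = "-p" ]; then
    jq . "$spec_tmp" > openapi.json || rc=$?
  else
    cat "$spec_tmp" > openapi.json || rc=$?
  fi
fi

rm -f -- "$spec_tmp"

if [ "$rc" -ne 0 ]; then
  echo "Failed to generate openapi.json (exit status $rc)." >&2
  exit "$rc"
fi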
86
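# Stop the dev server and wait for it to actually exit, rather than sleeping
# for a fixed second and hoping the root-token listener is gone by then.
kill "$VAULT_PID"
# `wait` returns the server's exit status, which may be non-zero after a
# signal; that is expected here and must not trip `set -e`.
wait "$VAULT_PID" 2>/dev/null || true

# printf instead of echo: whether echo expands "\n" differs between shells.
printf '\nopenapi.json generated.\n'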
91