using System;
using System.Diagnostics;
using System.Management.Automation;
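namespace Alkami.Ops.Certificates
{
    /// <summary>
    /// Downloads certificates for ALL environments under the FriendlyCertificates folder, combines them into a handful of secrets, and uploads them to the MachineSecrets folder.
    /// This allows a server to download 4 secrets (web, app, common web, common app) instead of 200+ secrets.
    /// The download/combine/upload work itself is delegated to <c>SecretServerImporter.CreatePodSecrets</c>;
    /// this cmdlet only binds the parameters, times the run and reports the elapsed time.
    /// </summary>
    [Cmdlet("Optimize", "PodSecrets")]
    [OutputType(typeof(string))]
    public class OptimizePodSecrets : Cmdlet
    {
        /// <summary>Username with which to authenticate against Secret Server.</summary>
        [Parameter(Position = 0, Mandatory = true)]
        public string SecretUsername { get; set; }

        /// <summary>Password with which to authenticate against Secret Server.</summary>
        /// <remarks>
        /// Bound as a plain string, so the value is visible in the invoking command line, shell history and
        /// PowerShell transcripts. A <c>PSCredential</c> parameter would keep it out of those; it is left as a
        /// string here only to preserve the existing positional interface for callers.
        /// </remarks>
        [Parameter(Position = 1, Mandatory = true)]
        public string SecretPassword { get; set; }

        /// <summary>Base URL of the Secret Server instance.</summary>
        [Parameter(Position = 2, Mandatory = false)]
        public string SecretSite { get; set; } = "https://alkami.secretservercloud.com";

        /// <summary>Root folder under which all Friendly Certificates are stored.</summary>
        [Parameter(Position = 3, Mandatory = false)]
        public string FriendlySecretFolder { get; set; } = "ops.deployment-CertApi/FriendlyCertificates";

        /// <summary>
        /// Principals handed through to <c>CreatePodSecrets</c>. Whether and how the importer uses them is not
        /// visible from this cmdlet — confirm in <c>SecretServerImporter</c> before changing the defaults.
        /// </summary>
        [Parameter(Position = 4, Mandatory = false)]
        public string[] ImportableUsers { get; set; } = new string[] { "CORP\\Site Reliability Engineers", "fh\\jumpbox.jenkins", "fh\\ci.migrate$" };

        /// <summary>Root folder where all Zipped Certificates will be placed.</summary>
        [Parameter(Position = 5, Mandatory = false)]
        public string MachineSecretFolder { get; set; } = "ops.deployment-CertApi/MachineSecrets";

        /// <summary>
        /// Runs the pod-secret optimisation once and emits a single string with the elapsed time.
        /// </summary>
        /// <remarks>
        /// Any exception raised by <c>SecretServerImporter</c> propagates unchanged; the importer is disposed
        /// before the elapsed time is reported, so the measurement includes its cleanup.
        /// </remarks>
        protected override void ProcessRecord()
        {
            var watch = Stopwatch.StartNew();

            using (var importer = new SecretServerImporter(SecretSite, SecretUsername, SecretPassword))
            {
                importer.CreatePodSecrets(FriendlySecretFolder, MachineSecretFolder, ImportableUsers);
            }

            // WriteObject rather than Console.WriteLine: the cmdlet declares [OutputType(typeof(string))],
            // and Console output bypasses the PowerShell pipeline (it cannot be captured by the caller and is
            // not forwarded over remoting).
            WriteObject($"Finished executing in {watch.Elapsed}");
        }
    }
}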