#!/bin/bash
# 显示开发环境Vault密钥信息

echo "===== Vault开发环境密钥信息 ====="

# 检查密钥文件是否存在
if [ ! -f "/root/mgmt/security/secrets/vault/dev/init_keys.json" ]; then
    echo "错误：Vault密钥文件不存在"
    echo "请先运行初始化脚本：/root/mgmt/deployment/scripts/init_vault_dev.sh"
    exit 1
fi

# 显示密钥信息
echo "Vault开发环境密钥信息："
echo "----------------------------------------"

# 提取并显示解封密钥
unseal_key=$(cat /root/mgmt/security/secrets/vault/dev/init_keys.json | grep -o '"unseal_keys_b64":\["[^"]*"' | cut -d '"' -f4)
echo "解封密钥: $unseal_key"

# 提取并显示根令牌
root_token=$(cat /root/mgmt/security/secrets/vault/dev/init_keys.json | grep -o '"root_token":"[^"]*"' | cut -d '"' -f4)
echo "根令牌: $root_token"

echo "----------------------------------------"
echo "环境变量设置命令："
echo "export VAULT_ADDR='http://100.117.106.136:8200'"
echo "export VAULT_TOKEN='$root_token'"

echo ""
echo "注意：这是开发环境配置，仅用于测试目的"
echo "生产环境请遵循安全策略文档中的建议"