From d056b385d71d5b33165ab87cbedffb243d168c8a Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Wed, 20 Apr 2022 13:07:39 +0200
Subject: Refactor secrets

---
 deploy_pki | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'deploy_pki')

diff --git a/deploy_pki b/deploy_pki
index fffb3d0..841088c 100755
--- a/deploy_pki
+++ b/deploy_pki
@@ -7,18 +7,17 @@ cmd mkdir -p /var/lib/nomad/pki /var/lib/consul/pki
 
 for file in consul-ca.crt consul$YEAR.crt consul$YEAR.key consul$YEAR-client.crt consul$YEAR-client.key; do
 	if [ -f "$PKI/$file" ]; then
-		copy $PKI/$file /var/lib/consul/pki/$file
+		copy_secret $PKI/$file /var/lib/consul/pki/$file
 		cmd chown consul:root /var/lib/consul/pki/$file
-		cmd chmod 0400 /var/lib/consul/pki/$file
 	fi
 done
 
 cmd systemctl restart consul
 cmd sleep 10
 
-for file in nomad-ca.crt nomad$YEAR.crt nomad$YER.key; do
+for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key; do
 	if [ -f "$PKI/$file" ]; then
-		copy $PKI/$file /var/lib/nomad/pki/$file
+		copy_secret $PKI/$file /var/lib/nomad/pki/$file
 	fi
 done
 
-- 
cgit v1.2.3