...

The Security Server PIN code can be stored in Key Vault. In that case, a custom bash script (/usr/share/xroad/autologin/custom-fetch-pin.sh) must be implemented according to the auto-login documentation. The script must fetch the PIN code from Key Vault and write it to stdout.

Note

Curl and jq must be installed on the host server.

The host server must have an identity that has sufficient permissions to read the Key Vault secret storing the PIN code.


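/usr/share/xroad/autologin/custom-fetch-pin.sh

```bash
#!/bin/bash
# Stop on any error so a failed request never prints "null" as the PIN code.
set -euo pipefail
# Get a Key Vault access token for the host's identity from the Azure Instance Metadata Service.
TOKEN=$(curl -sS --fail -H "Metadata: true" "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net" | jq -er '.access_token')
# Read the secret that stores the PIN code.
PIN_CODE=$(curl -sS --fail -H "Authorization: Bearer $TOKEN" "https://<KEY_VAULT_NAME>.vault.azure.net/secrets/<SECRET_NAME>?api-version=2016-10-01" | jq -er '.value')
# The PIN code is the only thing written to stdout.
echo "${PIN_CODE}"
exit 0
```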
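An added example, not part of the original page or of X-Road itself: a wrapper that checks a fetch script's file mode and its output before the PIN is used, since a script can exit 0 while printing something that is not a PIN (for instance the literal `null` that `jq -r` prints for a missing field). The function name, its return codes and the use of GNU `stat -c` are assumptions made for this example.

```bash
#!/bin/bash
# Added example: validate a PIN fetch script and what it prints.
# check_pin_output and its return codes are illustrative, not an X-Road API.
#
# Usage: check_pin_output /usr/share/xroad/autologin/custom-fetch-pin.sh
# Prints the PIN on stdout only when every check passes.
# Returns: 0 ok, 2 script missing or unsafe, 3 script failed, 4 output unusable.
check_pin_output() {
    local script="$1" out mode nl
    nl='
'
    # The script must exist and be executable.
    [ -f "$script" ] && [ -x "$script" ] || return 2

    # It yields the token PIN, so it must not be writable by group or others.
    # Assumption: GNU coreutils stat (Linux host).
    mode=$(stat -c '%a' "$script") || return 2
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        return 2
    fi

    # Run it; stderr is discarded so error text never ends up next to the PIN.
    out=$("$script" 2>/dev/null) || return 3

    # Reject empty output, the literal "null" from jq, and multi-line output
    # (for example an error document printed instead of the PIN).
    case "$out" in
        ''|null) return 4 ;;
        *"$nl"*) return 4 ;;
    esac

    printf '%s\n' "$out"
}
```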

...