#!/usr/bin/env bash

UNSEAL_KEYS="xxx yyy zzz"

VAULT_PODS=$(kubectl get pods -n vault -l app.kubernetes.io/name=vault -o jsonpath='{.items[*].metadata.name}')

echo ""
echo "Unsealing Vault..."
echo ""

echo "Deleting existing pods..."
echo ""

kubectl delete pods -n vault $VAULT_PODS >> /dev/null

echo "Waiting for new pods to become ready..."
echo ""

kubectl wait --for=condition=ready --timeout=180s pods -n vault -l app.kubernetes.io/name=vault >> /dev/null

echo "Unsealing Vault pods..."
echo ""

for pod in $VAULT_PODS
do
  echo "Unsealing $pod..."

  for key in $UNSEAL_KEYS
  do
    kubectl exec -n vault -it $pod -- vault operator unseal $key >> /dev/null
    sleep 1
  done

  echo "$pod unsealed!"
  echo ""
done

echo "Vault unsealed!"
echo ""
echo ""
echo ""