s3_env=p81-zero-production
export VAULT_TOKEN=$(aws secretsmanager get-secret-value --secret-id env/global-P81ZERO-VAULT-master --region us-east-1 | jq -r ".SecretString")
export VAULT_ADDR="https://c1vault.p81zero.safersoftware.net:8200"
aws s3 cp --recursive s3://p81-devops/vault-exporters/$s3_env .

# login to vault and get cert
export VAULT_CLIENT_KEY=private.key
export VAULT_CLIENT_CERT=public.crt

# sudo apt update && sudo apt install gpg && sudo apt install vault
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com focal main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update
sudo apt install vault
sudo cp ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates

DOMAIN_NAME=p81-leia.com
vault write devops/issue/yarkon_store common_name="yarkon.$DOMAIN_NAME" ttl="26000h" alt_names="yarkon.perimeter81-$ENV_NAME.com" > tmp_certificate.txt