From 828f20f5b6b878626924e9e3c8199c6a0871df9d Mon Sep 17 00:00:00 2001
From: Muhammad Atif Ali <me@matifali.dev>
Date: Mon, 9 Oct 2023 17:01:23 +0300
Subject: [PATCH] test

---
 vault/main.tf | 19 ++++++++++++++++---
 vault/run.sh  | 48 ++++++++++--------------------------------------
 2 files changed, 26 insertions(+), 41 deletions(-)

diff --git a/vault/main.tf b/vault/main.tf
index a939305..7cedfbf 100644
--- a/vault/main.tf
+++ b/vault/main.tf
@@ -27,8 +27,21 @@ variable "vault_auth_id" {
 }
 
 variable "secrets" {
-  type        = map(list(string))
-  description = "A map of secret lists to set as environment variables. Each secret list is a list of paths to secrets to set as environment variables."
+  type        = map(map(string))
+  description = <<EOF
+  A map of secrets to write to the workspace. The key is the path of the secret in vault and the value is a map of the list of secrets and the file to write them to.
+  e.g,
+  {
+    "secret/data/my-secret-1" = {
+      "secrets" = ["username", "password"]
+      "file" = "secrets.env"
+    },
+    "secret/data/my-secret-2" = {
+      "secrets" = ["username", "password"]
+      "file" = "secrets2.env"
+    }
+  }
+  EOF 
   default     = {}
 }
 
@@ -51,7 +64,7 @@ resource "coder_script" "vault" {
     VAULT_ADDR : var.vault_addr,
     VAULT_TOKEN : data.coder_git_auth.vault.access_token,
     VERSION : var.vault_cli_version,
-    SECRETS : jsonencode(var.secrets),
+    SECRETS : jsonencode(var.secrets)
   })
   run_on_start = true
 }
diff --git a/vault/run.sh b/vault/run.sh
index 80b1a1b..1ab12b5 100644
--- a/vault/run.sh
+++ b/vault/run.sh
@@ -37,10 +37,7 @@ export VAULT_TOKEN=${VAULT_TOKEN}
 
 # login to Vault
 printf "🔑 Logging in to Vault ...\n\n"
-vault login -address=${VAULT_ADDR} -no-print ${VAULT_TOKEN}
-
-# Add VAULT_ADDR to /ect/environment file to persist the environment variable
-echo "VAULT_ADDR=${VAULT_ADDR}" | sudo tee -a /etc/environment
+vault login -no-print ${VAULT_TOKEN}
 
 # Verify Vault address and token
 printf "🔎 Verifying Vault address and token ...\n\n"
@@ -51,39 +48,14 @@ if [ "${SECRETS}" = "{}" ]; then
     exit 0
 fi
 
-printf "\n🔑 Fetching secrets ...\n\n"
-
-# Check if jq is installed
-if ! command -v jq >/dev/null; then
-    echo "jq is not installed. Please install jq to automatically set the secrets."
-    echo "You can manually set the secrets by using the following command in your workspace:"
-    echo "vault kv get <path>"
-    exit 0 
-fi
-
-echo "${SECRETS}"
-# Decode the JSON string to a temporary file
-echo "${SECRETS}" | jq '.' > temp.json
-
-# Iterate through the keys and values in the JSON file
-for key in $(jq -r 'keys[]' temp.json); do
-    path=$(echo $key | tr -d \")
-    # Fetch the secrets from Vault
-    secrets=$(vault kv get -format=json $path)
-    # Get the array of secret names from the JSON file
-    sceret_names=$(jq -r ".$key[]" temp.json)
-    # Convert the list of environment variables to an array
-    IFS=', ' read -r -a sceret_array <<< "$sceret_names"
-    # Set the environment variables with the secret values
-    for secret_name in "$${sceret_array[@]}"; do
-        # Remove quotes from the variable name
-        secret_name=$(echo $secret_name | tr -d \")
-        secret_value=$(echo $secrets | jq -r ".data.data.$secret_name")
-        export $secret_name=$secret_value
+printf "🔍 Fetching secrets ...\n\n"
+for key in $(echo "${SECRETS}" | jq -r "keys[]" ); do
+    secrets=$(echo "${SECRETS}" | jq -r ".$key.secrets[]")
+    file=$(echo "${SECRETS}" | jq -r ".$key.file")
+    printf "Fetching secrets from $${key} ...\n"
+    for secret in $${secrets}; do
+        value=$(vault kv get -format=json $${key} | jq -r ".data.data.$${secret}")
+        printf "$${secret}=$${value}\n" >> $${file}
     done
+    printf "\n"
 done
-
-# Remove the temporary file
-rm temp.json
-
-