Skip to content

Commit

Permalink
Fix helm-vault secret decryption (#759)
Browse files Browse the repository at this point in the history 
Co-authored-by: Ben Bettridge <bbettridge@switch.tv>
  • Loading branch information
@bbetter173 @SwitchTV-BenBettridge
bbetter173 and SwitchTV-BenBettridge authored Jan 24, 2023
1 parent 7b8fa19 commit 44c2f37
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions internal/app/utils.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -526,6 +526,19 @@ func decryptSecret(name string) error {
outfile += ".dec"
}

if settings.VaultEnabled {
// helm-vault plugin doesn't write to stdout
useHelmOutput = false
if settings.VaultEnvironment != "" {
// helm-vault decryption with an environment interpolate the environment name into the output filename
vaultOutFile := name + "." + settings.VaultEnvironment + ".dec"
if _, err := os.Stat(vaultOutFile); err != nil {
return fmt.Errorf("decrypted vault file not found: %s", vaultOutFile)
}
os.Rename(vaultOutFile, outfile)
}
}

if !useHelmOutput {
if _, err := os.Stat(outfile); err != nil {
return fmt.Errorf("decryption failed: %s", res.String())
Expand Down

0 comments on commit 44c2f37

Please sign in to comment.