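#!/bin/bash
#
# Container entrypoint: hands the AppRole credentials to Vault Agent through
# files, waits for the agent to render the admin and app credential files,
# exports their contents into the environment, then execs the real command.
#
# Required env: VAULT_ROLE_ID, VAULT_SECRET_ID
# Arguments:    the command (and its arguments) to run once secrets are loaded

set -e

# Fail fast on missing input. An empty role_id/secret_id would be written to
# disk as an empty file, and the wait loops below would then never finish.
: "${VAULT_ROLE_ID:?VAULT_ROLE_ID must be set}"
: "${VAULT_SECRET_ID:?VAULT_SECRET_ID must be set}"
if [ "$#" -eq 0 ]; then
  echo "Usage: $0 command [args...]" >&2
  exit 2
fi

# Block until a marker file exists, giving up if the agent is no longer running.
# Globals:   AGENT_PID (read)
# Arguments: $1 - path of the marker file to wait for
# Returns:   0 once the marker exists, 1 if the agent exited first
wait_for_marker() {
  local marker=$1
  until [ -f "$marker" ]; do
    if ! kill -0 "$AGENT_PID" 2>/dev/null; then
      # The agent may have written the marker just before exiting.
      if [ -f "$marker" ]; then
        return 0
      fi
      echo "Vault Agent (pid $AGENT_PID) exited before $marker appeared" >&2
      return 1
    fi
    sleep 1
  done
}

# 1. Bridge env vars to files for the agent
# (The agent is configured to read from these paths)
echo "Writing AppRole creds to files..."
(
  # Create the credential files owner-only instead of with the inherited umask.
  # This only applies to newly created files; existing ones keep their mode.
  umask 077
  printf '%s' "$VAULT_ROLE_ID" > /vault/secrets/role_id
  printf '%s' "$VAULT_SECRET_ID" > /vault/secrets/secret_id
)

# 2. Start the Vault Agent in the background
# NOTE(review): debug logging is verbose; confirm it is intended outside
# development.
# NOTE(review): if /vault/secrets outlives the container, ready markers from an
# earlier run would satisfy the waits below immediately -- confirm the volume
# is ephemeral or clear the markers before starting the agent.
echo "Starting Vault Agent..."
vault agent -config=/etc/vault/agent-config.hcl -log-level=debug &
AGENT_PID=$!

# 3. Wait for BOTH secret files to be rendered
echo "Waiting for admin credentials..."
wait_for_marker /vault/secrets/.admin-ready || exit 1
echo "Admin credentials ready."

echo "Waiting for app credentials..."
wait_for_marker /vault/secrets/.app-ready || exit 1
echo "App credentials ready."

# 4. Source the credentials into the environment
# The .env files are executed as shell code, so their content is only as
# trustworthy as the agent templates that render them.
echo "Sourcing credentials..."
set -a # Automatically export all variables
. /vault/secrets/admin.env
. /vault/secrets/app.env
set +a

# 5. Execute the main container command (e.g., setup.sh or daphne)
# NOTE(review): VAULT_ROLE_ID and VAULT_SECRET_ID are still exported here and
# are inherited by the command below; unset them first if it does not need them.
echo "Executing command: $*"
exec "$@"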