marinakr · October 11, 2021 21:15
diff --git a/vault_config_provider.ex b/vault_config_provider.ex
 defmodule HV.ConfigProviders.VaultConfigProvider do
  @moduledoc false
  @behaviour Config.Provider

  require Logger

  # Let's pass the path to the JSON file as config
  def init(nil), do: "/path/to/vault/token"
  def init(path) when is_binary(path), do: path

  def load(config, path) do
    {:ok, _} = Application.ensure_all_started(:jason)
    {:ok, _} = Application.ensure_all_started(:hackney)
    {:ok, _} = Application.ensure_all_started(:tesla)

    vault_host = System.fetch_env!("VAULT_ADDR")
    vault_k8s_role = System.fetch_env!("VAULT_K8S_ROLE")
    vault_prefix = System.fetch_env!("VAULT_PREFIX")
    vault_env_path = System.get_env("VAULT_ENV_PATH") || "secrets"

    {:ok, vault} =
      Vault.new(
        engine: Vault.Engine.KVV2,
        auth: Vault.Auth.Kubernetes,
        http: Vault.HTTP.Tesla,
        host: vault_host
      )
      |> Vault.auth(%{role: vault_k8s_role, jwt: File.read!(path)})

    {:ok, vault_secrets} = Vault.read(vault, "#{vault_prefix}/#{vault_env_path}")

    log_level = String.to_atom(vault_secrets["LOG_LEVEL"] || "error")
    Logger.configure(Keyword.merge(config[:logger], level: log_level))

    Config.Reader.merge(config,
      hello_vault: [
        {
          HV.Repo,
          [
            url: fetch_vault_env!(vault_secrets, "DATABASE_URL"),
            pool_size: vault_secrets["POOL_SIZE"] || 50
          ]
        }
      ]
    )
  end

  defp fetch_vault_env!(vault_secrets, secret_key) do
    case vault_secrets[secret_key] do
      nil ->
        IO.puts("Unable to load Vault config secret_key #{secret_key}")
        System.halt()

      value ->
        value
    end
  end
 end
	defmodule HV.ConfigProviders.VaultConfigProvider do
	@moduledoc false
	@behaviour Config.Provider

	require Logger

	# Let's pass the path to the JSON file as config
	def init(nil), do: "/path/to/vault/token"
	def init(path) when is_binary(path), do: path

	def load(config, path) do
	{:ok, _} = Application.ensure_all_started(:jason)
	{:ok, _} = Application.ensure_all_started(:hackney)
	{:ok, _} = Application.ensure_all_started(:tesla)

	vault_host = System.fetch_env!("VAULT_ADDR")
	vault_k8s_role = System.fetch_env!("VAULT_K8S_ROLE")
	vault_prefix = System.fetch_env!("VAULT_PREFIX")
	vault_env_path = System.get_env("VAULT_ENV_PATH") \|\| "secrets"

	{:ok, vault} =
	Vault.new(
	engine: Vault.Engine.KVV2,
	auth: Vault.Auth.Kubernetes,
	http: Vault.HTTP.Tesla,
	host: vault_host
	)
	\|> Vault.auth(%{role: vault_k8s_role, jwt: File.read!(path)})

	{:ok, vault_secrets} = Vault.read(vault, "#{vault_prefix}/#{vault_env_path}")

	log_level = String.to_atom(vault_secrets["LOG_LEVEL"] \|\| "error")
	Logger.configure(Keyword.merge(config[:logger], level: log_level))

	Config.Reader.merge(config,
	hello_vault: [
	{
	HV.Repo,
	[
	url: fetch_vault_env!(vault_secrets, "DATABASE_URL"),
	pool_size: vault_secrets["POOL_SIZE"] \|\| 50
	]
	}
	]
	)
	end

	defp fetch_vault_env!(vault_secrets, secret_key) do
	case vault_secrets[secret_key] do
	nil ->
	IO.puts("Unable to load Vault config secret_key #{secret_key}")
	System.halt()

	value ->
	value
	end
	end
	end