From 39c7a5e4ceb7771f41f8cc8522d7c33db5c3b0f6 Mon Sep 17 00:00:00 2001
From: Gavin Kyte
Date: Sat, 29 Apr 2023 00:16:40 -0400
Subject: [PATCH] Use new docker env var for decrypting TLS secret key file

New env var `docker run -e "VAULT_TLS_KEY_PASSPHRASE=what-you-provide"` now checked within docker-entrypoint.sh and supplied as STDIN to vault command via pipe. This allows non-interactive docker deployments of the vault image.
---
 0.X/docker-entrypoint.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/0.X/docker-entrypoint.sh b/0.X/docker-entrypoint.sh
index 3b72da2..9bbe1ff 100755
--- a/0.X/docker-entrypoint.sh
+++ b/0.X/docker-entrypoint.sh
@@ -43,6 +43,12 @@ if [ -n "$VAULT_LOCAL_CONFIG" ]; then
     echo "$VAULT_LOCAL_CONFIG" > "$VAULT_CONFIG_DIR/local.json"
 fi
 
+# When enabling TLS and providing a passphrase-protected secret key file,
+# Pass in the VAULT_TLS_KEY_PASSPHRASE environment variable
+if [ -n "$VAULT_TLS_KEY_PASSPHRASE" ]; then
+    echo "Using the provided passphrase to decrypt the secret key file and enable TLS."
+fi
+
 # If the user is trying to run Vault directly with some arguments, then
 # pass them to Vault.
 if [ "${1:0:1}" = '-' ]; then
@@ -101,4 +107,4 @@ if [ "$1" = 'vault' ]; then
     fi
 fi
 
-exec "$@"
+echo "${VAULT_TLS_KEY_PASSPHRASE}" | exec "$@"
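Review bot: The replacement final line in the second hunk, `echo "${VAULT_TLS_KEY_PASSPHRASE}" | exec "$@"`, pipes unconditionally, so with no passphrase set Vault now gets one empty line followed by EOF instead of the container's stdin, and because the last pipeline stage runs in a subshell the `exec` replaces that subshell rather than the entrypoint shell, which stays alive as Vault's parent and no longer hands over PID 1 signal delivery (e.g. SIGTERM from `docker stop`) the way the old `exec "$@"` did. The `if [ -n "$VAULT_TLS_KEY_PASSPHRASE" ]` block added in the first hunk only prints a message and does not gate the pipe. A POSIX here-document on the `exec` itself keeps the shell-replacement semantics, redirects stdin only when a passphrase was actually supplied, and avoids `echo` mangling values that begin with `-` or contain backslashes. Whether this Vault version reads the TLS key passphrase from stdin is not shown here and should be confirmed before relying on it; the value also remains in the exec'd process's environment (visible via `docker inspect` and `/proc/<pid>/environ`), which is inherent to passing it as an env var.
```shell
# … unchanged: everything above the final exec …
if [ -n "$VAULT_TLS_KEY_PASSPHRASE" ]; then
    # Supply the passphrase on stdin without a pipeline so exec still
    # replaces this shell (signal handling/PID 1 behaviour unchanged).
    exec "$@" <<EOF
$VAULT_TLS_KEY_PASSPHRASE
EOF
fi
exec "$@"
```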