Add vault

docker/production.dockerfile

@@ -12,6 +12,10 @@ RUN poetry export --without-hashes > requirements.txt \
 
 FROM ghcr.io/flibusta-apps/base_docker_images:3.12-postgres-runtime AS runtime-image
 
+RUN apt-get update \
+    && apt-get install -y curl jq \
+    && rm -rf /var/lib/apt/lists/*
+
 WORKDIR /app
 
 ENV VENV_PATH=/opt/venv
@@ -19,8 +23,10 @@ ENV PATH="$VENV_PATH/bin:$PATH"
 
 COPY --from=build-image $VENV_PATH $VENV_PATH
 COPY ./fastapi_file_server/ /app/
-COPY ./scripts/* /root/
+
+COPY ./scripts/* /
+RUN chmod +x /*.sh
 
 EXPOSE 8080
 
-CMD bash /root/start_production.sh
+CMD ["/start.sh"]

scripts/env.sh

@@ -0,0 +1,12 @@
+#! /usr/bin/env sh
+
+response=`curl -X 'GET' "https://$VAULT_HOST/v1/$VAULT_SECRET_PATH" -s \
+  -H 'accept: application/json' \
+  -H "X-Vault-Token: $VAULT_TOKEN"`
+
+data=`echo $response | jq -r '.data.data'`
+
+for key in $(echo "$data" | jq -r 'keys[]'); do
+    value=$(echo "$data" | jq -r ".\"$key\"")  # Corrected syntax
+    echo "$key"="$value"
+done

scripts/start.sh

@@ -1,6 +1,8 @@
-cd /app
+#! /usr/bin/env sh
 
-rm -rf prometheus
+export $(/env.sh)
-mkdir prometheus
+
+cd /app
+mkdir -p prometheus
 
 granian --interface asgi --host 0.0.0.0 --port 8080 --loop uvloop main:app