From e21fa08291df4fd3941761bdcbe92fcd7b9b48ef Mon Sep 17 00:00:00 2001
From: Kazuhiro MUSASHI
Date: Mon, 15 Jul 2024 21:28:07 +0900
Subject: [PATCH] Deploy `/etc/vault.d/vault.env` to enable AWS KMS.
---
 cookbooks/vault/setup.rb | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/cookbooks/vault/setup.rb b/cookbooks/vault/setup.rb
index 45923c0..39d71a4 100644
--- a/cookbooks/vault/setup.rb
+++ b/cookbooks/vault/setup.rb
@@ -9,6 +9,16 @@ template '/etc/vault.d/vault.hcl' do
 notifies :restart, 'service[vault]'
 end
 
+encrypted_remote_file '/etc/vault.d/vault.env' do
+ owner 'vault'
+ group 'vault'
+ mode '600'
+ source 'files/etc/vault.d/vault.env'
+ password ENV['ITAMAE_PASSWORD']
+
+ notifies :restart, 'service[vault]'
+end
+
 directory '/etc/vault.d/policies' do
 owner 'vault'
 group 'vault'
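Review bot: `password ENV['ITAMAE_PASSWORD']` in the new `encrypted_remote_file` block evaluates to nil when the variable is unset, so a missing password shows up only as whatever the resource does with a nil key instead of a clear error. `password ENV.fetch('ITAMAE_PASSWORD')` would stop the run with a KeyError naming the variable before anything on the host is touched. Because the resource notifies `service[vault]` to restart, it is worth confirming that a failed decrypt cannot leave an empty or garbled `/etc/vault.d/vault.env` in place ahead of that restart. The file presumably holds the credentials for the AWS KMS seal, so also check that the run log does not print a content diff of the decrypted file when it changes.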