From 29455310fef6c52378065d13732a0a55168aac47 Mon Sep 17 00:00:00 2001
From: Franco
Date: Sat, 2 Nov 2024 13:26:35 -0300
Subject: [PATCH] add vault workflow
---
.github/workflows/VaultWorkflow.yaml | 44 ++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 .github/workflows/VaultWorkflow.yaml
diff --git a/.github/workflows/VaultWorkflow.yaml b/.github/workflows/VaultWorkflow.yaml
new file mode 100644
index 0000000..b7dc0eb
--- /dev/null
+++ b/.github/workflows/VaultWorkflow.yaml
@@ -0,0 +1,44 @@
+name: Vault Workflow
+
+on:
+ workflow_call:
+ outputs:
+ secrets_status:
+ description: "Status of secrets verification"
+ value: ${{ jobs.vault-secrets.outputs.verification_status }}
+
+jobs:
+ vault-secrets:
+ runs-on: ubuntu-latest
+ outputs:
+ verification_status: ${{ steps.verify.outputs.status }}
+
+ steps:
+ - name: Debug Github Secrets # the 2 secrets needed for the vault action
+ run: |
+ echo "Checking secrets availability..."
+ if [ -n "${{ secrets.VAULT_ADDR }}" ]; then
+ echo "VAULT_ADDR is set"
+ else
+ echo "VAULT_ADDR is not set"
+ fi
+ if [ -n "${{ secrets.VAULT_TOKEN }}" ]; then
+ echo "VAULT_TOKEN is set"
+ else
+ echo "VAULT_TOKEN is not set"
+ fi
+
+ - name: Import Secrets from HCP Vault
+ uses: hashicorp/vault-action@v2
+ with:
+ url: ${{ secrets.VAULT_ADDR }}
+ method: token
+ token: ${{ secrets.VAULT_TOKEN }}
+ namespace: admin
+ secrets: |
+ kv/data/database DB_HOST ;
+ kv/data/database DB_USER ;
+ kv/data/database DB_PASSWORD ;
+ kv/data/database DB_NAME ;
+ kv/data/database DB_PORT ;
+ kv/data/jwt JWT_SECRET_KEY
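Review bot: The job output `verification_status` reads `steps.verify.outputs.status`, but no step in these 44 lines has `id: verify` or writes to `$GITHUB_OUTPUT`, so `secrets_status` will always reach the caller empty. In the same "Debug Github Secrets" step, `${{ secrets.VAULT_ADDR }}` and `${{ secrets.VAULT_TOKEN }}` are expanded into the script text before the shell runs; passing them through `env:` keeps the token out of the generated script and stops a value containing a quote from changing what the script does, and the rewritten step below does both. Separately, `hashicorp/vault-action@v2` is a movable tag that is handed a long-lived token, so pinning it to a full commit SHA and, if the Vault side allows it, moving to `method: jwt` with `permissions: id-token: write` would limit what a retagged release or a leaked token can reach. The workflow declares no `secrets:` under `workflow_call`, so it presumably depends on callers using `secrets: inherit`, and the imported DB and JWT values appear to be exported only inside this job with no later step consuming them; both are worth a comment or a follow-up.

```yaml
      - name: Debug Github Secrets # the 2 secrets needed for the vault action
        id: verify
        env:
          VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
          VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }}
        run: |
          echo "Checking secrets availability..."
          # status values here are illustrative; use whatever the callers expect
          status=ok
          if [ -n "$VAULT_ADDR" ]; then
            echo "VAULT_ADDR is set"
          else
            echo "VAULT_ADDR is not set"
            status=missing
          fi
          if [ -n "$VAULT_TOKEN" ]; then
            echo "VAULT_TOKEN is set"
          else
            echo "VAULT_TOKEN is not set"
            status=missing
          fi
          echo "status=$status" >> "$GITHUB_OUTPUT"

      # … unchanged: Import Secrets from HCP Vault step …
```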