fix: [nomad-step-2] S2-fix — 4 bugs block Step 2 verification: kv/ mount missing, VAULT_ADDR, --sops required, template fallback (#912)

2026-04-16 20:51:01 +00:00 · 2026-04-16 20:51:01 +00:00 · aa1d7a8d00
commit aa1d7a8d00
parent 42cca6de3d
4 changed files with 23 additions and 27 deletions
--- a/lib/hvault.sh
+++ b/lib/hvault.sh
@ -38,6 +38,23 @@ _hvault_resolve_token() {
  return 1
 }

+# _hvault_default_env — set default VAULT_ADDR and resolve VAULT_TOKEN
+#
+# Sets VAULT_ADDR to http://127.0.0.1:8200 if not already set.
+# Resolves VAULT_TOKEN from /etc/vault.d/root.token if not in env.
+# Exports both variables.
+#
+# Usage: source hvault.sh; _hvault_default_env
+_hvault_default_env() {
+  VAULT_ADDR="${VAULT_ADDR:-http://127.0.0.1:8200}"
+  export VAULT_ADDR
+
+  if [ -z "${VAULT_TOKEN:-}" ] && [ -f /etc/vault.d/root.token ]; then
+    VAULT_TOKEN="$(cat /etc/vault.d/root.token)"
+    export VAULT_TOKEN
+  fi
+}
+
 # _hvault_check_prereqs — validate VAULT_ADDR and VAULT_TOKEN are set
 # Args: caller function name
 _hvault_check_prereqs() {