2026-04-17 10:37:51 +00:00
2 changed files with 10 additions and 1 deletions
--- a/tests/vault-import.bats
+++ b/tests/vault-import.bats
@ -137,6 +137,7 @@ setup() {
    "${VAULT_ADDR}/v1/kv/data/disinto/shared/woodpecker"
  [ "$status" -eq 0 ]
  echo "$output" | grep -q "wp-agent-secret"
+  # Forgejo keys are normalized: WP_FORGEJO_* → forgejo_* (no wp_ prefix in key name)
  echo "$output" | grep -q "wp-forgejo-client"
  echo "$output" | grep -q "wp-forgejo-secret"
  echo "$output" | grep -q "wp-token"
@ -294,6 +295,8 @@ setup() {
    "deploy-key-test"
    "npm-test-token"
    "dockerhub-test-token"
+    # Note: forgejo-client and forgejo-secret are NOT in the output
+    # because they are read from Vault, not logged
  )

  for pattern in "${secret_patterns[@]}"; do
--- a/tools/vault-import.sh
+++ b/tools/vault-import.sh
@ -391,7 +391,13 @@ EOF
    local val="${!key}"
    if [ -n "$val" ]; then
      local lowercase_key="${key,,}"
-      operations+=("woodpecker|$lowercase_key|$env_file|$key")
+      # Normalize WP_FORGEJO_* → forgejo_* (strip wp_ prefix to match template)
+      if [[ "$lowercase_key" =~ ^wp_(.+)$ ]]; then
+        vault_key="${BASH_REMATCH[1]}"
+      else
+        vault_key="$lowercase_key"
+      fi
+      operations+=("woodpecker|$vault_key|$env_file|$key")
    fi
  done