From a404c593786346d9bbc1e9f857dcea27df1044a3 Mon Sep 17 00:00:00 2001
From: Ben Bettridge <bbettridge@switch.tv>
Date: Tue, 24 Jan 2023 17:52:38 +1300
Subject: [PATCH] Fix helm-vault secret decryption

---
 internal/app/utils.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/internal/app/utils.go b/internal/app/utils.go
index b6f880f2..b1cd6ccf 100644
--- a/internal/app/utils.go
+++ b/internal/app/utils.go
@@ -526,6 +526,19 @@ func decryptSecret(name string) error {
 		outfile += ".dec"
 	}
 
+	if settings.VaultEnabled {
+		// helm-vault plugin doesn't write to stdout
+		useHelmOutput = false
+		if settings.VaultEnvironment != "" {
+			// helm-vault decryption with an environment interpolate the environment name into the output filename
+			vaultOutFile := name + "." + settings.VaultEnvironment + ".dec"
+			if _, err := os.Stat(vaultOutFile); err != nil {
+				return fmt.Errorf("decrypted vault file not found: %s", vaultOutFile)
+			}
+			os.Rename(vaultOutFile, outfile)
+		}
+	}
+
 	if !useHelmOutput {
 		if _, err := os.Stat(outfile); err != nil {
 			return fmt.Errorf("decryption failed: %s", res.String())