From f95d08c68d2ca4c67689b1f5a07307c684f87203 Mon Sep 17 00:00:00 2001 From: Timon Borter Date: Wed, 3 Jul 2024 16:58:48 +0200 Subject: [PATCH] fix: add additional active user password --- README.md | 5 ++++- img/initial-vault-structure.png | 4 ++-- src/vault.rs | 4 ++++ 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 787f10a..97d8d55 100644 --- a/README.md +++ b/README.md @@ -68,7 +68,7 @@ _Never_ include your `VAULT_TOKEN` directly in the configuration file or commit ### Initializing Vault for Secret Management -The propeller init-vault command is the first step in setting up your database secret rotation process. +The `propeller init-vault` command is the first step in setting up your database secret rotation process. It creates the necessary structure within your Vault instance to securely store and manage your PostgreSQL credentials. **Command Usage:** @@ -82,6 +82,7 @@ After running the command, the specified Vault path will contain a JSON secret w ```json { "postgresql_active_user": "TBD", + "postgresql_active_user_password": "TBD", "postgresql_user_1": "TBD", "postgresql_user_1_password": "TBD", "postgresql_user_2": "TBD", @@ -89,6 +90,8 @@ After running the command, the specified Vault path will contain a JSON secret w } ``` +**Note that any previously present secrets in this path will be lost in the process!** + The "TBD" placeholders indicate that these values _must_ be filled once with the initial values before continuing the rotation process. #### Example Result diff --git a/img/initial-vault-structure.png b/img/initial-vault-structure.png index e15dcca..b451014 100644 --- a/img/initial-vault-structure.png +++ b/img/initial-vault-structure.png @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:f47941bb830989f90964f4a2f04b4f7a3b6c8923c404cc74a552e4ba2775204d -size 273172 +oid sha256:16149ce487b9abdab50f023816fb90fde84bd5c8700732bf8e75e3449469cf85 +size 335029 
diff --git a/src/vault.rs b/src/vault.rs
index 043e446..2929184 100644
--- a/src/vault.rs
+++ b/src/vault.rs
@@ -12,6 +12,7 @@ const VAULT_TOKEN: &'static str = "VAULT_TOKEN";
 #[derive(Debug, Deserialize, Serialize)]
 struct VaultStructure {
     postgresql_active_user: String,
+    postgresql_active_user_password: String,
     postgresql_user_1: String,
     postgresql_user_1_password: String,
     postgresql_user_2: String,
@@ -37,8 +38,11 @@ impl Vault {
     }
 
     pub(crate) fn init_secret_path(&mut self) {
+        // TODO: Theoretically it would be possible to check if anything exists in this path already - exit if so.
+
         let vault_structure = VaultStructure {
             postgresql_active_user: "TBD".to_string(),
+            postgresql_active_user_password: "TBD".to_string(),
             postgresql_user_1: "TBD".to_string(),
             postgresql_user_1_password: "TBD".to_string(),
             postgresql_user_2: "TBD".to_string(),
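Review bot: The new `postgresql_active_user_password` field lands in a struct that derives `Debug`, so any `{:?}` of a `VaultStructure` (a log line, or the message of an `expect`/`unwrap` panic on a value holding it) prints the active password in the clear, next to the `*_password` fields that were already there. Whether the struct is ever formatted that way is not visible in this hunk, but the derive makes it a one-line mistake for a future caller. Consider dropping `Debug` from the derive and writing a manual impl that redacts every password field, as sketched below; `Deserialize`/`Serialize` stay as they are since they carry the Vault round-trip. The struct definition continues past the end of the hunk, so the remaining fields are not shown.
```rust
// … unchanged: struct VaultStructure definition, with Debug removed from the derive …
impl std::fmt::Debug for VaultStructure {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("VaultStructure")
            .field("postgresql_active_user", &self.postgresql_active_user)
            .field("postgresql_active_user_password", &"<redacted>")
            .field("postgresql_user_1", &self.postgresql_user_1)
            .field("postgresql_user_1_password", &"<redacted>")
            // … remaining user/password pairs follow the same pattern …
            .finish_non_exhaustive()
    }
}
```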
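Review bot: The TODO added at the top of `init_secret_path` names the real problem but leaves it unsolved: the function still unconditionally builds a placeholder `VaultStructure` and, presumably in the part of the body that runs past this hunk, writes it to the secret path, so running init-vault against a path that already holds rotated credentials replaces the live `postgresql_active_user_password` with `"TBD"`. The README note in this same commit warns operators about that, but a sentence in the docs is a weaker guard than a check in the code. Before constructing `vault_structure`, read the path and return early (or require an explicit overwrite opt-in from the caller) when a secret version already exists, and replace the TODO with a short comment stating that guarantee, e.g. `// Refuses to overwrite an existing secret at this path; callers must clear it deliberately.`. `init_secret_path`'s body ends outside the hunk, so the write itself is not visible here.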