Additional inputs and tweaking jq formatting for env file.

README.md

@@ -1,2 +1,43 @@
-# hc-vault-env
+# Adapted from https://github.com/Simporter/get-env-file-from-vault
 
+## Get env-file from Hashicorp Vault GitHub Action
+
+Simple action to get env file from HashiCorp Vault™.
+
+## Example Usage
+
+```yaml
+jobs:
+  build:
+    # ...
+    steps:
+      # ...
+      - name: Get env file
+        uses: https://git.trez.wtf/Trez/hc-vault-env@main
+        with:
+          HC_VAULT_VERSION: "1.20.4"
+          HC_VAULT_ADDR: https://vault.mycompany.com:8200
+          HC_VAULT_USERNAME: ${{ secrets.HC_VAULT_USERNAME }}
+          HC_VAULT_PASSWORD: ${{ secrets.HC_VAULT_PASSWORD }}
+          HC_VAULT_SECRETS_PATH: ${{ secrets.HC_VAULT_SECRETS_PATH }}
+      # ...
+```
+
+will get all the secrets from `kv` storage from `HC_VAULT_SECRETS_PATH` and put it in a `.env`
+
+## Authentication method
+
+Currently, only `userpass` login method is implemented. `HC_VAULT_USERNAME` and `HC_VAULT_PASSWORD` to authenticate with Vault.
+
+## Reference
+
+Here are all the inputs available through `with`:
+
+| Input                   | Description                              | Default | Required |
+| ----------------------- | ---------------------------------------- | ------- | -------- |
+| `HC_VAULT_VERSION`      | Vault version                            |         | ✔        |
+| `HC_VAULT_ADDR`         | Vault url                                |         | ✔        |
+| `HC_VAULT_USERNAME`     | Vault login username for `userpass` auth |         | ✔        |
+| `HC_VAULT_PASSWORD`     | Vault login password for `userpass` auth |         | ✔        |
+| `HC_VAULT_SECRETS_PATH` | Vault secrets path                       |         | ✔        |
+| `ENV_FILE_NAME`         | Name of created env-file                 | .env    |          |

action.yml

@@ -0,0 +1,68 @@
+name: "Generate .env file from Hashicorp Vault"
+description: "Get secrets from Vault and write to a .env file"
+
+branding:
+  icon: "lock"
+  color: "purple"
+
+inputs:
+  HC_VAULT_VERSION:
+    description: "Hashicorp Vault version"
+    required: true
+
+  HC_VAULT_ADDR:
+    description: "Vault url"
+    required: true
+
+  HC_VAULT_USERNAME:
+    description: "Vault login username"
+    required: false
+
+  HC_VAULT_PASSWORD:
+    description: "Vault login password"
+    required: false
+
+  HC_VAULT_SECRETS_PATH:
+    description: "Vault secrets path"
+    required: true
+
+  ENV_FILE_NAME:
+    description: "Name of created env-file"
+    required: false
+    default: .env
+
+runs:
+  using: "composite"
+  steps:
+    - name: Install Hashicorp Vault
+      shell: bash
+      run: |
+        curl -S -O https://releases.hashicorp.com/vault/${{ inputs.HC_VAULT_VERSION }}/vault_${{ inputs.HC_VAULT_VERSION }}_linux_amd64.zip
+        unzip -u vault_${{ inputs.HC_VAULT_VERSION }}_linux_amd64.zip -d .
+        chmod +x vault
+        mv vault /usr/local/bin
+
+    - name: Login to Hashicorp Vault with userpass
+      if: ${{ HC_VAULT_AUTH_METHOD == 'userpass' }}
+      shell: bash
+      env:
+        VAULT_ADDR: ${{ inputs.HC_VAULT_ADDR }}
+        VAULT_SKIP_VERIFY: "true"
+      run: |
+        vault login \
+          -no-print \
+          -method=userpass \
+          username=${{ inputs.HC_VAULT_USERNAME }} \
+          password=${{ inputs.HC_VAULT_PASSWORD }}
+
+    - name: Create env-file from Hashicorp Vault config
+      shell: bash
+      env:
+        VAULT_TOKEN: ${{ inputs.HC_VAULT_TOKEN }}
+        VAULT_ADDR: ${{ inputs.HC_VAULT_ADDR }}
+        VAULT_SKIP_VERIFY: "true"
+      run: |
+        vault kv get -format=json ${{ inputs.HC_VAULT_SECRETS_PATH }} \
+        | jq -r '.data.data' \
+        | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env \
+        > ${{ inputs.ENV_FILE_NAME }}