From 93c1149dd4ac0b6b2aff928cea8a6c0550b2188d Mon Sep 17 00:00:00 2001
From: Jeremy Bumsted
Date: Tue, 20 Sep 2022 16:36:31 -0600
Subject: [PATCH] Add secret-env property to auth object Set secret env in auth method, supports a default value of `VAULT_SECRET_ID`
---
 lib/shared.bash | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/lib/shared.bash b/lib/shared.bash
index 8f6704e..0ff5118 100644
--- a/lib/shared.bash
+++ b/lib/shared.bash
@@ -26,6 +26,13 @@ vault_auth() {
 # approle authentication
 if [ "${BUILDKITE_PLUGIN_VAULT_SECRETS_AUTH_METHOD:-}" = "approle" ]; then
+ secret_var="${BUILDKITE_PLUGIN_VAULT_SECRETS_AUTH_SECRET_ENV:-$VAULT_SECRET_ID}"
+
+ if [[ -z "${!secret_var:-}" ]]; then
+ echo "+++ 🚨 No vault secret id found in \$${secret_var}"
+ exit 1
+ fi
+
 # export the vault token to be used for this job - this command writes to the auth/approle/login endpoint
 # on success, vault will return the token which we export as VAULT_TOKEN for this shell
 export VAULT_TOKEN
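Review bot: The default on the added `secret_var=` line expands `$VAULT_SECRET_ID`, so when `BUILDKITE_PLUGIN_VAULT_SECRETS_AUTH_SECRET_ENV` is unset, `secret_var` holds the secret ID itself rather than the variable's name. The indirect lookup `${!secret_var:-}` then treats that value as a variable name, so the check fails (or bash rejects the name) even though the secret is set, and the `echo` writes the secret ID into the build log. The default should be the literal name, as the commit message describes: `secret_var="${BUILDKITE_PLUGIN_VAULT_SECRETS_AUTH_SECRET_ENV:-VAULT_SECRET_ID}"`. It would also help to declare `secret_var` as `local` and send the message to stderr. `vault_auth` starts and continues outside this hunk, so whether `set -u` is active (which would abort on an unset `VAULT_SECRET_ID` at this line) is not visible here.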