From 702799342d5a838e7ff4b1437c4f455ce7739072 Mon Sep 17 00:00:00 2001
From: Curtis Chin Jen Sem <curtis.chinjensem@channable.com>
Date: Tue, 28 Jun 2022 13:38:51 +0200
Subject: [PATCH] Add VAULT_TOKEN to command environment

---
 app/Main.hs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/app/Main.hs b/app/Main.hs
index b9eb71d..2ea79b4 100755
--- a/app/Main.hs
+++ b/app/Main.hs
@@ -68,6 +68,9 @@ data Context
   { cLocalEnvVars :: [EnvVar]
   , cCliOptions :: Options Validated Completed
   , cHttpManager :: Manager
+  , cExtraEnvVars :: [EnvVar]
+  -- ^ Variables we want to inject into the command's environment that were not
+  -- in the local environment when vaultenv was called, nor fetched via vault
   }
 
 -- | The different types of Engine that Vautlenv supports
@@ -275,6 +278,7 @@ main = do
   let context = Context { cLocalEnvVars = envAndEnvFileConfig
                         , cCliOptions = cliAndEnvAndEnvFileOptions
                         , cHttpManager = httpManager
+                        , cExtraEnvVars = []
                         }
 
   vaultEnv context >>= \case
@@ -329,7 +333,8 @@ vaultEnv originalContext =
             Right mountInfo ->
               requestSecrets authenticatedContext mountInfo secrets >>= \case
                 Left vaultError -> pure $ Left vaultError
-                Right secretEnv -> pure $ checkNoDuplicates (buildEnv secretEnv)
+                Right secretEnv -> pure $ checkNoDuplicates $
+                  buildEnv (cExtraEnvVars authenticatedContext ++ secretEnv)
     where
       retryPolicy = vaultRetryPolicy (cCliOptions originalContext)
 
@@ -352,6 +357,7 @@ vaultEnv originalContext =
               { cCliOptions = (cCliOptions context)
                 { oAuthMethod = AuthVaultToken token
                 }
+              , cExtraEnvVars = [("VAULT_TOKEN", unpack token)]
               }
 
       getMountInfo :: Context -> Retry.RetryStatus -> IO (Either VaultError MountInfo)