#!/bin/sh

export VAULT_ADDR={{ vault_conf.api_addr }}

UNSEAL='{% if vault_unseal_keys | length > 0 %}{{ vault_unseal_keys | join(',') }}{% endif %}'
STATUS=$(vault status -format json)

if [ "$(echo ${STATUS} | jq -r .initialized)" != "true" ]; then
  echo "Vault not initialized yet"
  exit 0
fi

if [ "$(echo ${STATUS} | jq -r .sealed)" != "true" ]; then
  echo "Vault not sealed, nothing to do"
  exit 0
fi

for KEY in $(echo ${UNSEAL} | sed -E 's/,/\n/g'); do
  vault operator unseal "${KEY}"
done