#!/bin/sh

set -euo pipefail

# Initialize random passwords if needed

if ! vault kv list [[ .vault.prefix ]]kv/service 2>/dev/null | grep -q -E '^[[ .oo.instance ]]$'; then
  vault kv put [[ .vault.prefix ]]kv/service/[[ .oo.instance ]] \
    jwt_token=$(pwgen -s -n 50 1) \
    storage_secret=$(pwgen -s -n 50 1)
fi

for PWD in jwt_token storage_secret; do
  if ! vault kv get -field ${PWD} [[ .vault.prefix ]]kv/service/[[ .oo.instance ]] >/dev/null 2>&1; then
    vault kv patch [[ .vault.prefix ]]kv/service/[[ .oo.instance ]] \
      ${PWD}=$(pwgen -s -n 50 1)
  fi
done