zulip/puppet/zulip/files/secret-env-wrapper

#!/usr/bin/env bash

set -eu

for arg in "$@"; do
    if [ "$arg" == "--" ]; then
        shift
        exec "$@"
    elif [[ "$arg" == *"="* ]]; then
        shift
        varname="${arg%%=*}"
        secretname="${arg#*=}"
        secret=$(crudini --get /etc/zulip/zulip-secrets.conf secrets "$secretname")
        export "$varname"="$secret"
    else
        exec "$@"
    fi
done

{
    echo "Usage:"
    echo "    secret-env-wrapper ENVNAME=secretname binary [argument [argument [...]]]"
} >&2

exit 1