From f20d66294108abcbacedec97ebbee6d0b7efb4a0 Mon Sep 17 00:00:00 2001
From: "Rodrigo Rodriguez (Pragmatismo)"
Date: Fri, 19 Dec 2025 12:28:22 -0300
Subject: [PATCH] fix: store vault-unseal-keys in working directory, not /opt/gbo/secrets
---
 src/core/package_manager/facade.rs | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/src/core/package_manager/facade.rs b/src/core/package_manager/facade.rs
index c2019a47..901b74d4 100644
--- a/src/core/package_manager/facade.rs
+++ b/src/core/package_manager/facade.rs
@@ -354,12 +354,8 @@ impl PackageManager {
 .as_str()
 .context("No root token in output")?;
- // Create secrets directory
- let secrets_dir = PathBuf::from("/opt/gbo/secrets");
- std::fs::create_dir_all(&secrets_dir)?;
-
- // Write vault-unseal-keys file
- let unseal_keys_file = secrets_dir.join("vault-unseal-keys");
+ // Write vault-unseal-keys file in working directory
+ let unseal_keys_file = PathBuf::from("vault-unseal-keys");
 let mut unseal_content = String::new();
 for (i, key) in unseal_keys.iter().enumerate() {
 if i < 3 {
@@ -385,7 +381,7 @@ impl PackageManager {
 // Check if .env exists, create or append
 let env_file = PathBuf::from(".env");
 let env_content = format!(
- "\n# Vault Configuration (auto-generated)\nVAULT_ADDR=http://{}:8200\nVAULT_TOKEN={}\nVAULT_UNSEAL_KEYS_FILE=/opt/gbo/secrets/vault-unseal-keys\n",
+ "\n# Vault Configuration (auto-generated)\nVAULT_ADDR=http://{}:8200\nVAULT_TOKEN={}\nVAULT_UNSEAL_KEYS_FILE=vault-unseal-keys\n",
 ip, root_token
 );
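Review bot: `PathBuf::from("vault-unseal-keys")` is a relative path, so the unseal keys land in whatever directory the process is running from, which is also where the next hunk writes `.env` with the root token. Resolving it once, e.g. `let unseal_keys_file = std::env::current_dir()?.join("vault-unseal-keys");`, would make the location explicit and let the same absolute path be reused for the `.env` entry and the summary message. The code that creates the file and sets its mode is outside this hunk; if it writes first and restricts permissions afterwards, the keys are briefly readable under the default umask, so it is worth confirming the file is created with mode 0600 at open time (`OpenOptionsExt::mode(0o600)` on Unix). The `if i < 3` loop at the end of the hunk appears to keep the first three keys in this one file, so a reader of the working directory likely obtains both the unseal material and the token; a comment stating that trade-off would help the next maintainer.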
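Review bot: `VAULT_UNSEAL_KEYS_FILE=vault-unseal-keys` in the new format string is a relative value, so every consumer of `.env` resolves it against its own working directory, and `botserver vault unseal` started from another directory will presumably not find the file. Writing the resolved absolute path instead (a third `{}` filled with `unseal_keys_file.display()` once that path has been made absolute) avoids this. The same line stores the root token in `.env` and points `VAULT_ADDR` at plain `http://`, and nothing visible here restricts the permissions of `.env` or protects the token in transit; both deserve a comment or a follow-up. The enclosing function starts and ends outside the hunk.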
@@ -454,11 +450,11 @@ impl PackageManager {
 ✓ Vault initialized and unsealed automatically
 ✓ Created .env with VAULT_ADDR, VAULT_TOKEN
-✓ Created /opt/gbo/secrets/vault-unseal-keys (chmod 600)
+✓ Created vault-unseal-keys (chmod 600)
 Files created:
- .env - Vault connection config
- /opt/gbo/secrets/vault-unseal-keys - Unseal keys for auto-unseal
+ .env - Vault connection config
+ vault-unseal-keys - Unseal keys for auto-unseal
 On server restart, run: botserver vault unseal
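Review bot: The summary now lists bare file names, so an operator reading it cannot tell which directory holds the unseal keys and the root token. I would add a line to the message such as `(both files are in the directory botserver was started from; keep them out of version control and backups)`, and keep the `(chmod 600)` claim only if the mode is actually set where the file is written, which this hunk does not show. The string literal begins and ends outside the hunk.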