#!/bin/bash
set -e

echo "🔓 Unsealing Vault..."
UNSEAL_KEY="$(cat botserver-stack/conf/vault/init.json | grep -o '"unseal_keys_b64":\["[^"]*"' | cut -d'"' -f4)"

# Wait for Vault to start
for i in {1..30}; do
    if curl -sfk --cacert botserver-stack/conf/system/certificates/ca/ca.crt \
        https://localhost:8200/v1/sys/health > /dev/null 2>&1; then
        echo "✅ Vault is running"
        break
    fi
    echo "⏳ Waiting for Vault... ($i/30)"
    sleep 1
done

# Unseal Vault
echo "🔓 Unsealing..."
curl -s --cacert botserver-stack/conf/system/certificates/ca/ca.crt \
    -X POST \
    -H "X-Vault-Token: hvs.JjKHlEzycO2jvKdhhlRAoODu" \
    -d "{\"key\": \"$UNSEAL_KEY\"}" \
    https://localhost:8200/v1/sys/unseal

echo "✅ Vault unsealed"