Make HSM pin an optional argument to allow setting it via the BANK_VA…

…ULTS_HSM_PIN env var
bank-vaults · Oct 29, 2023 · cacd2d5 · cacd2d5
1 parent 38cc62a
commit cacd2d5
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/deploy/crd/bases/vault.banzaicloud.com_vaults.yaml b/deploy/crd/bases/vault.banzaicloud.com_vaults.yaml
@@ -1150,7 +1150,6 @@ spec:
                     required:
                     - keyLabel
                     - modulePath
-                    - pin
                     type: object
                   kubernetes:
                     properties:

diff --git a/pkg/apis/vault/v1alpha1/vault_types.go b/pkg/apis/vault/v1alpha1/vault_types.go
@@ -781,10 +781,15 @@ func (usc *UnsealConfig) ToArgs(vault *Vault) []string {
 			fmt.Sprint(usc.HSM.SlotID),
 			"--hsm-key-label",
 			usc.HSM.KeyLabel,
-			"--hsm-pin",
-			usc.HSM.Pin,
 		)
 
+		if usc.HSM.Pin != "" {
+			args = append(args,
+				"--hsm-pin",
+				usc.HSM.Pin,
+			)
+		}
+
 		if usc.HSM.TokenLabel != "" {
 			args = append(args,
 				"--hsm-token-label",