From cacd2d5abdbd51cef162683e4e9b4e5e051348ed Mon Sep 17 00:00:00 2001
From: mark
Date: Sun, 29 Oct 2023 16:59:32 -0700
Subject: [PATCH] Make HSM pin an optional argument to allow setting it via the BANK_VAULTS_HSM_PIN env var

---
 deploy/crd/bases/vault.banzaicloud.com_vaults.yaml | 1 -
 pkg/apis/vault/v1alpha1/vault_types.go | 9 +++++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/deploy/crd/bases/vault.banzaicloud.com_vaults.yaml b/deploy/crd/bases/vault.banzaicloud.com_vaults.yaml
index b7dc0099..573ed053 100644
--- a/deploy/crd/bases/vault.banzaicloud.com_vaults.yaml
+++ b/deploy/crd/bases/vault.banzaicloud.com_vaults.yaml
@@ -1150,7 +1150,6 @@ spec:
 required:
 - keyLabel
 - modulePath
- - pin
 type: object
 kubernetes:
 properties:
diff --git a/pkg/apis/vault/v1alpha1/vault_types.go b/pkg/apis/vault/v1alpha1/vault_types.go
index 292fadcb..5d869dfd 100644
--- a/pkg/apis/vault/v1alpha1/vault_types.go
+++ b/pkg/apis/vault/v1alpha1/vault_types.go
@@ -781,10 +781,15 @@ func (usc *UnsealConfig) ToArgs(vault *Vault) []string {
 fmt.Sprint(usc.HSM.SlotID),
 "--hsm-key-label",
 usc.HSM.KeyLabel,
- "--hsm-pin",
- usc.HSM.Pin,
 )

+ if usc.HSM.Pin != "" {
+ args = append(args,
+ "--hsm-pin",
+ usc.HSM.Pin,
+ )
+ }
+
 if usc.HSM.TokenLabel != "" {
 args = append(args,
 "--hsm-token-label",
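Review bot: The `HSM.Pin` field declaration is not touched by this patch (the 7 additions and 2 deletions the diffstat reports for vault_types.go are all in this `ToArgs` hunk), yet `- pin` is dropped from `required` in the CRD YAML; if the field still lacks `omitempty` or a `// +optional` marker, the next CRD regeneration would presumably make `pin` required again. Marking it optional in the Go type, for example `// +optional` above the field together with `json:"pin,omitempty"`, would keep the schema and the type in sync. The new `if usc.HSM.Pin != "" {` guard would also benefit from a comment such as `// Pin is optional: when empty it is expected to come from BANK_VAULTS_HSM_PIN instead of the command line.`, because a PIN set in the spec is still appended as a plain `--hsm-pin` argument. `ToArgs` starts and ends outside the hunk.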