added missing files

infra/s3/minio-entrypoint.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+set -e
+
+echo "Waiting for Vault Agent to render /vault/secrets/minio.env..."
+while [ ! -f /vault/secrets/minio.env ]; do
+  sleep 0.5
+done
+
+echo "Vault secrets ready, starting MinIO..."
+exec minio "$@"

infra/s3/minio-wait.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+set -eu
+until [ -s /vault/secrets/MINIO_ROOT_USER ] && [ -s /vault/secrets/MINIO_ROOT_PASSWORD ]; do
+  echo "waiting for MINIO creds"; sleep 1
+done
+exec /usr/bin/minio "$@"

infra/s3/vault/agent.hcl

@@ -0,0 +1,29 @@
+auto_auth {
+  method "approle" {
+    mount_path = "auth/approle"
+    config = {
+      role_id_file_path   = "/vault/secrets/role_id"
+      secret_id_file_path = "/vault/secrets/secret_id"
+    }
+  }
+
+  sink "file" {
+    config = { path = "/vault/token" }
+  }
+}
+
+template {
+  source      = "/etc/vault/templates/user.ctmpl"
+  destination = "/vault/secrets/MINIO_ROOT_USER"
+  perms       = "0440"
+}
+
+template {
+  source      = "/etc/vault/templates/password.ctmpl"
+  destination = "/vault/secrets/MINIO_ROOT_PASSWORD"
+  perms       = "0440"
+}
+
+vault {
+  address = "http://vault_vault:8200"
+}

infra/s3/vault/templates/password.ctmpl

@@ -0,0 +1 @@
+{{ with secret "kv/data/s3/minio" }}{{ .Data.data.password }}{{ end }}

infra/s3/vault/templates/user.ctmpl

@@ -0,0 +1 @@
+{{ with secret "kv/data/s3/minio" }}{{ .Data.data.user }}{{ end }}