build script update

api/chain/gateway/config.yml

@@ -50,8 +50,8 @@ service_wallet:
 key_management:
   driver: vault
   settings:
-    address: "https://vault.sendico.io:8200"
-    token_env: CHAIN_GATEWAY_VAULT_TOKEN
+    address: "https://vault.sendico.io"
+    token_env: VAULT_TOKEN
     namespace: ""
-    mount_path: secret
+    mount_path: kv
     key_prefix: chain/gateway/wallets

api/chain/gateway/entrypoint.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+set -eu
+
+if [ -n "${VAULT_TOKEN_FILE:-}" ] && [ -f "${VAULT_TOKEN_FILE}" ]; then
+  token="$(cat "${VAULT_TOKEN_FILE}" 2>/dev/null | tr -d '[:space:]')"
+  if [ -n "${token}" ]; then
+    export VAULT_TOKEN="${token}"
+  fi
+fi
+
+if [ -z "${VAULT_TOKEN:-}" ]; then
+  echo "[entrypoint] VAULT_TOKEN is not set; expected Vault Agent sink to write a token to ${VAULT_TOKEN_FILE:-/run/vault/token}" >&2
+fi
+
+exec /app/chain-gateway "$@"

api/chain/gateway/internal/keymanager/vault/manager.go

@@ -55,8 +55,8 @@ func New(logger mlogger.Logger, cfg Config) (*Manager, error) {
 	}
 	token := strings.TrimSpace(os.Getenv(tokenEnv))
 	if token == "" {
-		logger.Error("vault token env not set", zap.String("env", tokenEnv))
-		return nil, merrors.InvalidArgument("vault key manager: token env " + tokenEnv + " is not set")
+		logger.Error("vault token missing; expected Vault Agent to export token", zap.String("env", tokenEnv))
+		return nil, merrors.InvalidArgument("vault key manager: token env " + tokenEnv + " is not set (expected Vault Agent sink to populate it)")
 	}
 	mountPath := strings.Trim(strings.TrimSpace(cfg.MountPath), "/")
 	if mountPath == "" {