[infra] vault + chsettle + aurora for dev

ci/prod/scripts/deploy/chain_gateway.sh

@@ -22,8 +22,6 @@ REQUIRED_SECRETS=(
   CHAIN_GATEWAY_RPC_URL
   CHAIN_GATEWAY_SERVICE_WALLET_KEY
   CHAIN_GATEWAY_SERVICE_WALLET_ADDRESS
-  CHAIN_GATEWAY_VAULT_ROLE_ID
-  CHAIN_GATEWAY_VAULT_SECRET_ID
   NATS_USER
   NATS_PASSWORD
   NATS_URL
@@ -50,8 +48,8 @@ CHAIN_GATEWAY_MONGO_PASSWORD_B64="$(b64enc "${CHAIN_GATEWAY_MONGO_PASSWORD}")"
 CHAIN_GATEWAY_RPC_URL_B64="$(b64enc "${CHAIN_GATEWAY_RPC_URL}")"
 CHAIN_GATEWAY_SERVICE_WALLET_KEY_B64="$(b64enc "${CHAIN_GATEWAY_SERVICE_WALLET_KEY}")"
 CHAIN_GATEWAY_SERVICE_WALLET_ADDRESS_B64="$(b64enc "${CHAIN_GATEWAY_SERVICE_WALLET_ADDRESS}")"
-CHAIN_GATEWAY_VAULT_ROLE_ID_B64="$(b64enc "${CHAIN_GATEWAY_VAULT_ROLE_ID}")"
-CHAIN_GATEWAY_VAULT_SECRET_ID_B64="$(b64enc "${CHAIN_GATEWAY_VAULT_SECRET_ID}")"
+CHAIN_GATEWAY_VAULT_ROLE_ID_B64="$(b64enc "${CHAIN_GATEWAY_VAULT_ROLE_ID:-}")"
+CHAIN_GATEWAY_VAULT_SECRET_ID_B64="$(b64enc "${CHAIN_GATEWAY_VAULT_SECRET_ID:-}")"
 NATS_USER_B64="$(b64enc "${NATS_USER}")"
 NATS_PASSWORD_B64="$(b64enc "${NATS_PASSWORD}")"
 NATS_URL_B64="$(b64enc "${NATS_URL}")"
@@ -120,6 +118,9 @@ load_kv_file() {
   done <"$file"
 }
 load_kv_file ../env/.env.version
+if [[ -f ../env/vault.env ]]; then
+  load_kv_file ../env/vault.env
+fi
 set +a
 
 IMAGE_TAG="${IMAGE_TAG:-${APP_V}-${GIT_REV}}"
@@ -156,6 +157,10 @@ export CHAIN_GATEWAY_RPC_URL
 export CHAIN_GATEWAY_SERVICE_WALLET_KEY CHAIN_GATEWAY_SERVICE_WALLET_ADDRESS
 export CHAIN_GATEWAY_VAULT_ROLE_ID CHAIN_GATEWAY_VAULT_SECRET_ID
 export NATS_USER NATS_PASSWORD NATS_URL
+if [[ -z "${CHAIN_GATEWAY_VAULT_ROLE_ID:-}" || -z "${CHAIN_GATEWAY_VAULT_SECRET_ID:-}" ]]; then
+  echo "missing required secret env: CHAIN_GATEWAY_VAULT_ROLE_ID/CHAIN_GATEWAY_VAULT_SECRET_ID" >&2
+  exit 65
+fi
 
 COMPOSE_PROJECT_NAME="$COMPOSE_PROJECT"
 export COMPOSE_PROJECT_NAME