chore: use vault naming in environment variables

Signed-off-by: Francesco Noacco <francesco.noacco@secomind.com>

Author: noaccOS

.env

@@ -20,8 +20,8 @@ VERNEMQ_ENABLE_SSL_LISTENER=true
 CLUSTERING_STRATEGY=docker-compose
 RELEASE_COOKIE=astarte-docker-compose
 
-ASTARTE_OPENBAO_AUTHENTICATION_MECHANISM="token"
-ASTARTE_OPENBAO_TOKEN="astarte_token"
+ASTARTE_VAULT_AUTHENTICATION_MECHANISM="token"
+ASTARTE_VAULT_TOKEN="astarte_token"
 
 PAIRING_ENABLE_FDO=true
 ASTARTE_BASE_URL_PORT=50000

.github/workflows/astarte-apps-build-workflow.yaml

@@ -75,7 +75,7 @@ jobs:
       - warmup
     runs-on: ubuntu-22.04
     env:
-      ASTARTE_OPENBAO_TOKEN: "astarte_token"
+      ASTARTE_VAULT_TOKEN: "astarte_token"
     strategy:
       fail-fast: false
       matrix:
@@ -110,7 +110,7 @@ jobs:
         ports:
           - 8200:8200
         env:
-          BAO_DEV_ROOT_TOKEN_ID: ${{ env.ASTARTE_OPENBAO_TOKEN }}
+          BAO_DEV_ROOT_TOKEN_ID: ${{ env.ASTARTE_VAULT_TOKEN }}
           BAO_DEV_LISTEN_ADDRESS: "0.0.0.0:8200"
         options: >-
           --health-cmd "bao status -address=http://127.0.0.1:8200 || exit 1"

.github/workflows/astarte-libs-build-workflow.yaml

@@ -78,7 +78,7 @@ jobs:
       - warmup
     runs-on: ubuntu-22.04
     env:
-      ASTARTE_OPENBAO_TOKEN: "astarte_token"
+      ASTARTE_VAULT_TOKEN: "astarte_token"
     strategy:
       fail-fast: false
       matrix:
@@ -112,7 +112,7 @@ jobs:
         ports:
           - 8200:8200
         env:
-          BAO_DEV_ROOT_TOKEN_ID: ${{ env.ASTARTE_OPENBAO_TOKEN }}
+          BAO_DEV_ROOT_TOKEN_ID: ${{ env.ASTARTE_VAULT_TOKEN }}
           BAO_DEV_LISTEN_ADDRESS: "0.0.0.0:8200"
         options: >-
           --health-cmd "bao status -address=http://127.0.0.1:8200 || exit 1"

docker-compose.yml

@@ -68,7 +68,7 @@ services:
       ASTARTE_BASE_URL_PROTOCOL: "http"
       PAIRING_FDO_RENDEZVOUS_URL: "http://rendezvous:8041"
       PAIRING_FDO_ENABLE_CREDENTIAL_REUSE: true
-      ASTARTE_OPENBAO_URL: "http://openbao:8200"
+      ASTARTE_VAULT_URL: "http://openbao:8200"
     restart: on-failure
     # TODO: add a health check for all services
     depends_on:
@@ -231,7 +231,7 @@ services:
       - BAO_ADDR=http://0.0.0.0:8200
     ports:
       - 8200:8200
-    command: server -dev -dev-listen-address="0.0.0.0:8200" -dev-root-token-id="${ASTARTE_OPENBAO_TOKEN}"
+    command: server -dev -dev-listen-address="0.0.0.0:8200" -dev-root-token-id="${ASTARTE_VAULT_TOKEN}"
     healthcheck:
       test: ["CMD", "bao", "status", "-address=http://127.0.0.1:8200"]
       interval: 2s
@@ -247,7 +247,7 @@ services:
         condition: service_healthy
     environment:
       - BAO_ADDR=http://openbao:8200
-      - BAO_TOKEN=${ASTARTE_OPENBAO_TOKEN}
+      - BAO_TOKEN=${ASTARTE_VAULT_TOKEN}
     command: bao secrets enable transit
 
   rendezvous:

libs/astarte_secrets/lib/astarte_secrets/config/config.ex

@@ -26,50 +26,50 @@ defmodule Astarte.Secrets.Config do
   alias Astarte.Secrets.Config
   alias Astarte.Secrets.Config.AuthenticationMechanism
 
-  @envdoc "The URL to access OpenBao."
+  @envdoc "The URL to access Vault."
   app_env :bao_url, :astarte_secrets, :bao_url,
-    os_env: "ASTARTE_OPENBAO_URL",
+    os_env: "ASTARTE_VAULT_URL",
     type: :binary,
     default: "http://localhost:8200"
 
-  @envdoc "Internal variable used to store bao authentication"
+  @envdoc "Internal variable used to store Vault authentication"
   app_env :bao_authentication, :astarte_secrets, :bao_authentication,
     binding_skip: [:system],
     type: :any
 
-  @envdoc "The mechanism to use for authenticating with OpenBao"
+  @envdoc "The mechanism to use for authenticating with Vault"
   app_env :bao_authentication_mechanism, :astarte_secrets, :bao_authentication_mechanism,
-    os_env: "ASTARTE_OPENBAO_AUTHENTICATION_MECHANISM",
+    os_env: "ASTARTE_VAULT_AUTHENTICATION_MECHANISM",
     type: AuthenticationMechanism
 
-  @envdoc "Token to authenticate with OpenBao"
+  @envdoc "Token to authenticate with Vault"
   app_env :bao_token, :astarte_secrets, :bao_token,
-    os_env: "ASTARTE_OPENBAO_TOKEN",
+    os_env: "ASTARTE_VAULT_TOKEN",
     type: :binary
 
-  @envdoc "Enable SSL for the OpenBao connection. If not specified, SSL is disabled."
+  @envdoc "Enable SSL for the Vault connection. If not specified, SSL is disabled."
   app_env :bao_ssl_enabled, :astarte_secrets, :bao_ssl_enabled,
-    os_env: "ASTARTE_OPENBAO_SSL_ENABLED",
+    os_env: "ASTARTE_VAULT_SSL_ENABLED",
     type: :boolean,
     default: false
 
   @envdoc """
-  Specifies the certificates of the root Certificate Authorities to be trusted for the OpenBao connection. When not specified, the bundled cURL certificate bundle will be used.
+  Specifies the certificates of the root Certificate Authorities to be trusted for the Vault connection. When not specified, the bundled cURL certificate bundle will be used.
   """
   app_env :bao_ssl_ca_file, :astarte_secrets, :bao_ssl_ca_file,
-    os_env: "ASTARTE_OPENBAO_SSL_CA_FILE",
+    os_env: "ASTARTE_VAULT_SSL_CA_FILE",
     type: :binary,
     default: CAStore.file_path()
 
-  @envdoc "Disable Server Name Indication. Defaults to false."
+  @envdoc "Disable Server Name Indication for Vault. Defaults to false."
   app_env :bao_ssl_disable_sni, :astarte_secrets, :bao_ssl_disable_sni,
-    os_env: "ASTARTE_OPENBAO_SSL_DISABLE_SNI",
+    os_env: "ASTARTE_VAULT_SSL_DISABLE_SNI",
     type: :boolean,
     default: false
 
-  @envdoc "Specify the hostname to be used in TLS Server Name Indication extension. If not specified, the amqp consumer host will be used. This value is used only if Server Name Indication is enabled."
+  @envdoc "Specify the hostname to be used in TLS Server Name Indication extension for Vault. If not specified, the Vault host will be used. This value is used only if Server Name Indication is enabled."
   app_env :bao_ssl_custom_sni, :astarte_secrets, :bao_ssl_custom_sni,
-    os_env: "ASTARTE_OPENBAO_SSL_CUSTOM_SNI",
+    os_env: "ASTARTE_VAULT_SSL_CUSTOM_SNI",
     type: :binary
 
   def bao_ssl_options! do
@@ -116,11 +116,11 @@ defmodule Astarte.Secrets.Config do
   defp parse_bao_authentication! do
     case Config.bao_authentication_mechanism!() do
       nil ->
-        raise "OpenBao authentication method not set"
+        raise "Vault authentication method not set"
 
       :token ->
         case Config.bao_token!() do
-          nil -> raise "OpenBao token not set"
+          nil -> raise "Vault token not set"
           token -> {:token, token}
         end
     end