From eece6831b4f4f171f8741f858918739beb6a2d78 Mon Sep 17 00:00:00 2001
From: "Rodrigo Rodriguez (Pragmatismo)" <me@rodrigorodriguez.com>
Date: Fri, 3 Apr 2026 08:22:06 -0300
Subject: [PATCH] Fix: initialize secrets manager when remote Vault detected,
 even without init.json

- main.rs: Skip init.json check when VAULT_ADDR points to remote server
- This allows botserver to read database credentials from Vault in production
- Without this fix, database URL falls back to localhost and connection fails
---
 src/main.rs | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index a43f86ae..9ab434ed 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -207,11 +207,16 @@ async fn main() -> std::io::Result<()> {
 
     let env_path_early = std::path::Path::new("./.env");
     let vault_init_path_early = std::path::Path::new("./botserver-stack/conf/vault/init.json");
-    let bootstrap_ready = env_path_early.exists() && vault_init_path_early.exists() && {
+    let vault_addr = std::env::var("VAULT_ADDR").unwrap_or_default();
+    let is_remote_vault = !vault_addr.is_empty()
+        && !vault_addr.contains("localhost")
+        && !vault_addr.contains("127.0.0.1");
+
+    let bootstrap_ready = is_remote_vault || (env_path_early.exists() && vault_init_path_early.exists() && {
         std::fs::read_to_string(env_path_early)
             .map(|content| content.contains("VAULT_TOKEN="))
             .unwrap_or(false)
-    };
+    });
 
     if bootstrap_ready {
         if let Err(e) = crate::core::shared::utils::init_secrets_manager().await {