From 87f91bdd4ca2c41251896ebd29a65ebabd2d6602 Mon Sep 17 00:00:00 2001
From: Brett Jones
Date: Mon, 16 Jan 2017 13:43:43 -0600
Subject: [PATCH] fix bash/sh issues, update docs
---
 Dockerfile | 3 ++-
 README.md | 4 ++--
 vault-unseal.sh | 15 +++++++++------
 3 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 90033b8..5bb7f8b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,5 +2,6 @@ FROM vault:0.6.4
 MAINTAINER blockloop
 ADD ./vault-unseal.sh /vault-unseal.sh
+RUN chmod a+x /vault-unseal.sh
-CMD ["/vault-unseal.sh"]
+CMD ["/bin/sh", "/vault-unseal.sh"]
diff --git a/README.md b/README.md
index a6cc2c0..7d42b9d 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 Unseal a [vault](https://www.vaultproject.io) with a docker container given only environment variables.
-![](https://img.shields.io/docker/pulls/blockloop/vault-unseal.svg)
+[![Foo](https://img.shields.io/docker/pulls/blockloop/vault-unseal.svg)](https://hub.docker.com/r/blockloop/vault-unseal/)
 This project was initially created to run as a kubernetes job to unseal a vault within the same cluster. This gives you the ability to pass env variables to a docker container and have it unseal a vault with the given keys. This image is based on the official vault image so many of the variables are the same.
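Review bot: `CMD ["/bin/sh", "/vault-unseal.sh"]` now runs the script under a shell other than the one it declares — the script hunk still shows `#!/bin/bash` — so the added `chmod a+x` only matters for someone running `/vault-unseal.sh` directly, and that path would pick bash and whatever bashisms survive or creep back in. Presumably the switch is because the vault base image has no bash; if so, changing the shebang to `#!/bin/sh` and keeping `CMD ["/vault-unseal.sh"]` keeps the interpreter choice in one place and makes the exec bit meaningful. While here, `COPY` is the conventional instruction for a local file, since `ADD` also fetches URLs and unpacks archives.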
@@ -10,7 +10,7 @@ This project was initially created to run as a kubernetes job to unseal a vault
 `VAULT_UNSEAL_KEY_X` - this is the format of the unseal keys. In Kubernetes these are stored in a secret store and mounted to the Vault Unsealer Job as environment variables.
-This container will loop up to 20 times, as many times as it can until vault is either unsealed or it returns an error. Each time it loops it checks the vault status and then, if the vault is still sealed, it runs `unseal` with the next key, or if it is unsealed, it exists 0.
+This container will loop up to 15 times, as many times as it can until vault is either unsealed or it returns an error. Each time it loops it checks the vault status and then, if the vault is still sealed, it runs `unseal` with the next key, or if it is unsealed, it exists 0.
 ## Instructions
diff --git a/vault-unseal.sh b/vault-unseal.sh
index b6bab63..518ccad 100755
--- a/vault-unseal.sh
+++ b/vault-unseal.sh
@@ -1,8 +1,12 @@
 #!/bin/bash
-for i in {1..20}; do
+VAULT_KEYS="$VAULT_UNSEAL_KEY_1 $VAULT_UNSEAL_KEY_2 $VAULT_UNSEAL_KEY_3 $VAULT_UNSEAL_KEY_4 $VAULT_UNSEAL_KEY_5 $VAULT_UNSEAL_KEY_6 $VAULT_UNSEAL_KEY_7 $VAULT_UNSEAL_KEY_8 $VAULT_UNSEAL_KEY_9 $VAULT_UNSEAL_KEY_10 $VAULT_UNSEAL_KEY_11 $VAULT_UNSEAL_KEY_12 $VAULT_UNSEAL_KEY_13 $VAULT_UNSEAL_KEY_14 $VAULT_UNSEAL_KEY_15"
+
+i=0
+for k in $VAULT_KEYS; do
 # https://github.com/hashicorp/vault/blob/c44f1c9817955d4c7cd5822a19fb492e1c2d0c54/command/status.go#L107
 # code reflects the seal status (0 unsealed, 2 sealed, 1 error).
+ i=$((i+1))
 vault status; st=$?
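Review bot: Exhausting the keys no longer fails the job: `for k in $VAULT_KEYS` just ends when the list runs out, and with nothing after `done` (which sits in a later hunk) the script exits with the status of the last loop body — on the visible lines that is 0 even though the vault is still sealed, so a Kubernetes unseal Job would report success. The old `{1..20}` loop reached the "ran out of keys" branch in that case; the new one cannot, because the unquoted `$VAULT_KEYS` is word-split and empty `VAULT_UNSEAL_KEY_n` values simply vanish, which also means `$i` counts keys actually supplied rather than naming the variable that held them (KEY_1 and KEY_3 set with KEY_2 unset logs "unsealing with key 2"). Driving the loop by index and resolving the name with `eval` keeps the script POSIX-sh compatible without those two regressions; `$i` is a counter the script itself produces, so the `eval` cannot be influenced by the environment. A final `echo "vault is still sealed after $i keys. terminating..."; exit 1` after `done` would then report the exhausted case explicitly.
```sh
i=0
while [ "$i" -lt 15 ]; do
  i=$((i+1))
  eval "k=\${VAULT_UNSEAL_KEY_$i}"
  # … unchanged: vault status check, unseal with "$k", error handling …
```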
@@ -12,15 +16,13 @@ for i in {1..20}; do
 elif [ $st -eq 2 ]; then
 echo "vault is sealed"
 echo "unsealing with key $i"
- v="VAULT_UNSEAL_KEY_$i"
- v="${!v}"
- if [ -z "$v" ]; then
- echo "ran out of vault uneal keys at $i (VAULT_UNSEAL_KEY_$i is empty). terminating..."
+ if [ -z "$k" ]; then
+ echo "ran out of vault uneal keys at $i (VAULT_UNSEAL_KEY_$i is missing). terminating..."
 exit 1
 fi
- vault useal "$v" > /dev/null
+ vault unseal "$k" > /dev/null
 code=$?
 if [ $? -ne 0 ] ; then
 echo "unseal returned a bad exit code ($code). terminating..."
@@ -32,3 +34,4 @@ for i in {1..20}; do
 exit 1
 fi
 done
+
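Review bot: `if [ $? -ne 0 ] ; then` on the line after `code=$?` tests the exit status of the assignment itself, which is always 0, so the "unseal returned a bad exit code" branch can never run and a failing `vault unseal "$k"` (wrong key, unreachable server) is silently skipped while the loop moves on to the next key; it should read `if [ "$code" -ne 0 ] ; then`. The new `[ -z "$k" ]` guard is likewise unreachable as written, since `k` comes from word-splitting `$VAULT_KEYS` and word-splitting never yields an empty word, so the "ran out of vault uneal keys" message (note the typo, `unseal`) is dead code unless the loop is driven by index. Passing the key on the command line also leaves it readable in the process's argv (`ps`, `/proc/*/cmdline`) inside the container; that predates this change, but since the line is being rewritten it is worth checking whether this vault version's `unseal` accepts the key on stdin instead. The enclosing `if`/`elif` chain and the `for` loop begin before this hunk.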