From 69f0c258c4e467489839461b53f05b318e9dcd05 Mon Sep 17 00:00:00 2001
From: Joonas Bergius <joonas@cosmonic.com>
Date: Sun, 18 Aug 2024 00:34:00 -0500
Subject: [PATCH] feat(secrets-kubernetes): Support using credentials with the
 NATS connection

Signed-off-by: Joonas Bergius <joonas@cosmonic.com>
---
 secrets/secrets-kubernetes/main.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/secrets/secrets-kubernetes/main.go b/secrets/secrets-kubernetes/main.go
index f3b1048..6261fbf 100644
--- a/secrets/secrets-kubernetes/main.go
+++ b/secrets/secrets-kubernetes/main.go
@@ -99,6 +99,7 @@ func kubeClientWithImpersonation(role string) (clientcorev1.CoreV1Interface, err
 func main() {
 	var (
 		natsURL            = flag.String("nats-url", nats.DefaultURL, "Nats URL")
+		natsCreds          = flag.String("nats-creds", "", "NATS credentials file path.")
 		secretsBackendSeed = flag.String("backend-seed", "", "NKeys Curve Seed. Leave blank for ephemeral key, only recommended for development use")
 	)
 	flag.Parse()
@@ -107,7 +108,12 @@ func main() {
 
 	s := &kubeSecretsServer{}
 
-	nc, err := nats.Connect(*natsURL)
+	natsConnectOps := []nats.Option{}
+	if *natsCreds != "" {
+		natsConnectOps = append(natsConnectOps, nats.UserCredentials(*natsCreds))
+	}
+
+	nc, err := nats.Connect(*natsURL, natsConnectOps...)
 	if err != nil {
 		slog.Error("Couldn't setup nats client", slog.Any("error", err))
 		os.Exit(1)