From e3b541fc8d0335aa8f0e5a5cb5b98a894613b7a8 Mon Sep 17 00:00:00 2001
From: vagrant-bot <vagrant+github@hashicorp.com>
Date: Thu, 27 Oct 2022 11:02:20 -0700
Subject: [PATCH] Terraform managed file [skip ci]

---
 .github/workflows/hashibot-vars.yml | 37 +++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 .github/workflows/hashibot-vars.yml

diff --git a/.github/workflows/hashibot-vars.yml b/.github/workflows/hashibot-vars.yml
new file mode 100644
index 000000000..ead0d0b61
--- /dev/null
+++ b/.github/workflows/hashibot-vars.yml
@@ -0,0 +1,37 @@
+name: HashiBot Vars
+
+on:
+  workflow_call:
+    outputs:
+      HASHIBOT_EMAIL:
+        value: ${{ jobs.get-vars.outputs.HASHIBOT_EMAIL }}
+      HASHIBOT_TOKEN:
+        value: ${{ jobs.get-vars.outputs.HASHIBOT_TOKEN }}
+      HASHIBOT_USERNAME:
+        value: ${{ jobs.get-vars.outputs.HASHIBOT_USERNAME }}
+
+jobs:
+  get-vars:
+    runs-on: self-hosted
+    permissions:
+      id-token: write
+      contents: read
+    outputs:
+      HASHIBOT_EMAIL: ${{ steps.vars.outputs.HASHIBOT_EMAIL }}
+      HASHIBOT_TOKEN: ${{ steps.vars.outputs.HASHIBOT_TOKEN }}
+      HASHIBOT_USERNAME: ${{ steps.vars.outputs.HASHIBOT_USERNAME }}
+    steps:
+      - name: Authentication
+        id: vault-auth
+        run: vault-auth
+      - name: Fetch vars
+        id: vars
+        uses: hashicorp/vault-action@2.2.0
+        with:
+          url: ${{ steps.vault-auth.outputs.addr }}
+          caCertificates: ${{ steps.vault-auth.outputs.ca_certificate }}
+          token: ${{ steps.vault-auth.outputs.token }}
+          secrets:
+            kv/data/github/${{ github.repository }} hashibot_email | HASHIBOT_EMAIL;
+            kv/data/github/${{ github.repository }} hashibot_token | HASHIBOT_TOKEN;
+            kv/data/github/${{ github.repository }} hashibot_username | HASHIBOT_USERNAME;