k3s/deploy/00-infisical.sh

#!/bin/bash

# Parse command line arguments
RECREATE=false
for arg in "$@"; do
  case $arg in
    --recreate)
      RECREATE=true
      shift
      ;;
  esac
done

# Check if the secret already exists
SECRET_EXISTS=$(kubectl get secret universal-auth-credentials -n infisical --ignore-not-found -o name)

if [[ -n "$SECRET_EXISTS" && "$RECREATE" == "true" ]]; then
  echo "Recreating Infisical bootstrap secret..."
  kubectl delete secret universal-auth-credentials -n infisical
  kubectl create secret generic universal-auth-credentials -n infisical \
    --from-literal clientId=$(gopass show -o homelab/infisical/id) \
    --from-literal clientSecret=$(gopass show -o homelab/infisical/secret)
elif [[ -z "$SECRET_EXISTS" ]]; then
  echo "Creating Infisical bootstrap secret..."
  kubectl create secret generic universal-auth-credentials -n infisical \
    --from-literal clientId=$(gopass show -o homelab/infisical/id) \
    --from-literal clientSecret=$(gopass show -o homelab/infisical/secret)
else
  echo "Infisical bootstrap secret already exists, skipping creation (use --recreate to force)"
fi