From df94e755b7f0cc2d88a0e5695ac315c41fb18d0e Mon Sep 17 00:00:00 2001
From: Ed Ganiukov <ed@namespacelabs.com>
Date: Fri, 27 Sep 2024 14:54:48 +0200
Subject: [PATCH] providers/vault: add a debug log when VAULT_TOKEN env var is
 used (#1333)

---
 internal/providers/vault/provider.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/internal/providers/vault/provider.go b/internal/providers/vault/provider.go
index b062085e2..0337facda 100644
--- a/internal/providers/vault/provider.go
+++ b/internal/providers/vault/provider.go
@@ -6,10 +6,12 @@ package vault
 
 import (
 	"context"
+	"fmt"
 	"os"
 
 	vaultclient "github.com/hashicorp/vault-client-go"
 	"namespacelabs.dev/foundation/framework/secrets/combined"
+	"namespacelabs.dev/foundation/internal/console"
 	"namespacelabs.dev/foundation/internal/fnerrors"
 	"namespacelabs.dev/foundation/internal/tcache"
 	"namespacelabs.dev/foundation/std/cfg"
@@ -58,6 +60,7 @@ func login(ctx context.Context, vaultCfg *vault.VaultProvider) (*vaultclient.Cli
 				// Vault by default always prefers a token set in VAULT_TOKEN env var. We do the same.
 				// Useful in case of VAULT_TOKEN provided by the 3rd party (e.g. by CI, etc).
 				if token := os.Getenv("VAULT_TOKEN"); token != "" {
+					fmt.Fprintf(console.Debug(ctx), "skipping login as envroment variable VAULT_TOKEN is set\n")
 					client.SetToken(token)
 					return client, nil
 				}