From 81136ff092e26f173ffe647cc1f502d35bd36a6c Mon Sep 17 00:00:00 2001
From: Tim Abbott <tabbott@mit.edu>
Date: Tue, 19 Jul 2016 16:57:42 -0700
Subject: [PATCH] env-wal-e: Eliminate hardcoding of AWS keys.

Pre-Zulip being open sourced, this file just had the AWS keys for
backups hardcoded.

Instead, these are simply read from zulip-secrets.conf.
---
 puppet/zulip/files/postgresql/env-wal-e | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/puppet/zulip/files/postgresql/env-wal-e b/puppet/zulip/files/postgresql/env-wal-e
index 32dfe7471d..6d0a55b2d7 100755
--- a/puppet/zulip/files/postgresql/env-wal-e
+++ b/puppet/zulip/files/postgresql/env-wal-e
@@ -1,11 +1,11 @@
 #!/bin/sh
-if [ -z "$ZULIP_CONF" ]; then
-    ZULIP_CONF=/etc/zulip/zulip.conf
+if [ -z "$ZULIP_SECRETS_CONF" ]; then
+    ZULIP_SECRETS_CONF=/etc/zulip/zulip-secrets.conf
 fi
 
-export AWS_ACCESS_KEY_ID=xxxxxxxxxxxxxxxxxxxx
-export AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-s3_backup_bucket=$(crudini --get "$ZULIP_CONF" database s3_backup_bucket 2>&1)
+export AWS_ACCESS_KEY_ID=$(crudini --get "$ZULIP_SECRETS_CONF" secrets s3_backups_key)
+export AWS_SECRET_ACCESS_KEY=$(crudini --get "$ZULIP_SECRETS_CONF" secrets s3_backups_secret_key)
+s3_backup_bucket=$(crudini --get "$ZULIP_SECRETS_CONF" secrets s3_backup_bucket 2>&1)
 if [ $? -ne 0 ]; then
     echo "Could not determine which s3 bucket to use:" "$s3_backup_bucket"
     exit 1