From 582d004ca5a66b03ed3bd5c92f42474b39ffdf6c Mon Sep 17 00:00:00 2001
From: Niels de Vos <ndevos@redhat.com>
Date: Tue, 2 Feb 2021 10:49:30 +0100
Subject: [PATCH] util: store EnvVaultInsecure as string, not bool

The configuration option `EnvVaultInsecure` is expected to be a string,
not a boolean. By converting the bool back to a string (after
verification), it is now possible to skip the certificate validation
check by setting `vaultCAVerify: false` in the Vault configuration.

Fixes: #1852
Reported-by: Bryon Nevis <bryon.nevis@intel.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
---
 internal/util/vault.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/util/vault.go b/internal/util/vault.go
index b44fb4063..ed377019b 100644
--- a/internal/util/vault.go
+++ b/internal/util/vault.go
@@ -175,7 +175,7 @@ func (vc *vaultConnection) initConnection(kmsID string, config map[string]interf
 		if err != nil {
 			return fmt.Errorf("failed to parse 'vaultCAVerify': %w", err)
 		}
-		vaultConfig[api.EnvVaultInsecure] = !vaultCAVerify
+		vaultConfig[api.EnvVaultInsecure] = strconv.FormatBool(!vaultCAVerify)
 	}
 
 	vaultCAFromSecret := "" // optional