From 11a79e5b3ecdfdfa0ad85e22b680c363096e7cfa Mon Sep 17 00:00:00 2001
From: Patrick de Ruiter <pderuiter@bsdserver.nl>
Date: Sat, 29 Nov 2025 12:42:51 +0100
Subject: [PATCH] feat: Add GitHub token support from Vault for changelog
 fetching

---
 main.tf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index 026c624..684ff6d 100644
--- a/main.tf
+++ b/main.tf
@@ -40,7 +40,8 @@ resource "docker_container" "renovate" {
       "RENOVATE_AUTODISCOVER=${var.renovate_autodiscover}",
       "LOG_LEVEL=${var.log_level}"
     ],
-    var.github_com_token != "" ? ["GITHUB_COM_TOKEN=${var.github_com_token}"] : [],
+    # GitHub token: prefer Vault, fall back to variable
+    coalesce(try(data.vault_generic_secret.renovate.data["github_token"], ""), var.github_com_token) != "" ? ["GITHUB_COM_TOKEN=${coalesce(try(data.vault_generic_secret.renovate.data["github_token"], ""), var.github_com_token)}"] : [],
     var.extra_env_vars
   )