From 7cfe6d21f74e104ab531eaceb5bbbfc8d14d439b Mon Sep 17 00:00:00 2001
From: Vangelis Papanastasatos
Date: Sat, 2 May 2026 01:19:04 +0300
Subject: [PATCH] Cleanup
---
 .env.example | 5 -----
 vault/README.md | 29 ---------------------------
 vault/tests/init-script-unit.sh | 35 ---------------------------------
 3 files changed, 69 deletions(-)
 delete mode 100644 .env.example
 delete mode 100644 vault/README.md
 delete mode 100644 vault/tests/init-script-unit.sh
diff --git a/.env.example b/.env.example
deleted file mode 100644
index f1d2530..0000000
--- a/.env.example
+++ /dev/null
@@ -1,5 +0,0 @@
-POSTGRES_DB=appdb
-POSTGRES_USER=app_user
-POSTGRES_PASSWORD=change-me
-VAULT_DEV_ROOT_TOKEN_ID=root
-VAULT_ADDR=http://127.0.0.1:8200
diff --git a/vault/README.md b/vault/README.md
deleted file mode 100644
index 95fc3d4..0000000
--- a/vault/README.md
+++ /dev/null
@@ -1,29 +0,0 @@
-# Vault Bootstrap
-
-This folder contains the Vault bootstrap assets for IMP-002.
-
-## Files
-
-- `init.sh`: idempotent bootstrap script for engines, keys, secrets, policy, and AppRole.
-- `policies/myapp-policy.hcl`: least-privilege policy for encryption service runtime.
-- `tests/init-script-unit.sh`: static unit-style checks for script compliance.
-
-## Usage
-
-```bash
-export VAULT_ADDR=http://localhost:8200
-export VAULT_TOKEN=
-sh vault/init.sh
-```
-
-Unit-style validation:
-
-```bash
-bash vault/tests/init-script-unit.sh
-```
-
-Optional variables:
-
-- `DB_USERNAME` (default `app_user`)
-- `DB_PASSWORD` (default `change-me`)
-- `GENERATE_SECRET_ID` (`true` by default)
diff --git a/vault/tests/init-script-unit.sh b/vault/tests/init-script-unit.sh
deleted file mode 100644
index 04b1e6f..0000000
--- a/vault/tests/init-script-unit.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-# Unit-style validation for vault/init.sh static compliance.
-# Run: bash vault/tests/init-script-unit.sh
-
-script_path="vault/init.sh"
-if [ ! -f "$script_path" ]; then
- echo "Missing file: $script_path"
- exit 1
-fi
-
-content="$(cat "$script_path")"
-
-required_patterns=(
- 'vault secrets enable -path="\$\{MOUNT_PATH\}" "\$\{ENGINE_TYPE\}"'
- 'enable_engine_if_missing "\$\{TRANSIT_MOUNT\}" "transit"'
- 'enable_engine_if_missing "\$\{KV_MOUNT\}" "kv-v2"'
- 'vault write "\$\{TRANSIT_MOUNT\}/keys/\$\{KEK_NAME\}" type="aes256-gcm96"'
- 'vault kv put "\$\{BIK_PATH\}" key="\$\{BIK_VALUE\}"'
- 'vault kv put "\$\{DB_PATH\}" username="\$\{DB_USERNAME\}" password="\$\{DB_PASSWORD\}"'
- 'vault policy write "\$\{POLICY_NAME\}" "\$\{POLICY_FILE\}"'
- 'vault write "auth/approle/role/\$\{APPROLE_NAME\}"'
- 'secret_id_num_uses="0"'
- 'secret_id_ttl="0"'
-)
-
-for pattern in "${required_patterns[@]}"; do
- if ! grep -Eq "$pattern" <<<"$content"; then
- echo "Missing required pattern in init.sh: $pattern"
- exit 1
- fi
-done
-
-echo "vault/init.sh static unit checks passed"