#!/usr/bin/env ruby

env = {}

if ENV.has_key?('SSM_KEY_PATH')
  require 'aws-sdk-ssm'

  puts 'Injecting application secrets...'

  begin
    client = Aws::SSM::Client.new

    next_token = nil
    loop do
      secrets = client.get_parameters_by_path(
        path: ENV.fetch('SSM_KEY_PATH'),
        with_decryption: true,
        next_token: next_token
      )

      secrets.parameters.map do |parameter|
        key = parameter.name.split('/').last
        value = parameter.value
        env[key] = value
      end

      next_token = secrets.next_token
      break unless next_token

      sleep 1 # don't overrun the API rate limit
    end
  rescue Aws::Errors::MissingRegionError
    puts 'Error: Missing AWS Region'
    exit 1
  rescue Aws::Errors::MissingCredentialsError
    puts 'Error: Missing AWS Credentials'
    exit 2
  end
end

exec env, *ARGV