#!/usr/bin/env ruby

require 'aws-sdk-ssm'

env = {}
puts 'Injecting application secrets...'

begin
  client = Aws::SSM::Client.new

  next_token = nil
  loop do
    secrets = client.get_parameters_by_path(
      path: ENV.fetch('SSM_KEY_PATH'),
      with_decryption: true,
      next_token: next_token
    )

    secrets.parameters.map do |parameter|
      key = parameter.name.split('/').last
      value = parameter.value
      env[key] = value
    end

    next_token = secrets.next_token
    break unless next_token

    sleep 1 # don't overrun the API rate limit
  end
rescue Aws::Errors::MissingRegionError
  puts 'ERROR! Unable to fetch SSM parameters!'
  puts 'In production environments, this should fail startup!'
end

exec env, *ARGV