stack/apps/api/src/vault/vault.health.ts

/**
 * Vault Health Indicator
 *
 * Health check for OpenBao connectivity and encryption status.
 */

import { Injectable } from "@nestjs/common";
import { VaultService } from "./vault.service";

export interface VaultHealthStatus {
  status: "up" | "down";
  available: boolean;
  fallbackMode: boolean;
  endpoint: string;
  message?: string;
}

@Injectable()
export class VaultHealthIndicator {
  constructor(private readonly vaultService: VaultService) {}

  /**
   * Check OpenBao health status
   *
   * @returns Health status object
   */
  check(): VaultHealthStatus {
    try {
      const status = this.vaultService.getStatus();

      return {
        status: status.available ? "up" : "down",
        available: status.available,
        fallbackMode: status.fallbackMode,
        endpoint: status.endpoint,
        message: status.available
          ? "OpenBao Transit encryption enabled"
          : "Using fallback AES-256-GCM encryption",
      };
    } catch (error: unknown) {
      const errorMsg = error instanceof Error ? error.message : "Unknown error";
      return {
        status: "down",
        available: false,
        fallbackMode: true,
        endpoint: "unknown",
        message: `Health check failed: ${errorMsg}`,
      };
    }
  }
}