From bcc9ec783364560b362081493a6f416b4114470e Mon Sep 17 00:00:00 2001
From: Patrik Holmqvist <pahol@sunet.se>
Date: Wed, 26 Feb 2025 15:12:17 +0100
Subject: [PATCH] Better to condition on HSM use than envrironment, SC-2670

---
 global/overlay/etc/puppet/modules/eid/manifests/connector.pp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/global/overlay/etc/puppet/modules/eid/manifests/connector.pp b/global/overlay/etc/puppet/modules/eid/manifests/connector.pp
index 95db6412..42152842 100644
--- a/global/overlay/etc/puppet/modules/eid/manifests/connector.pp
+++ b/global/overlay/etc/puppet/modules/eid/manifests/connector.pp
@@ -41,7 +41,8 @@ class eid::connector (
       content => template("eid/connector/application-${environment}.yml.erb")
     }
 
-    if ($environment == 'qa') {
+    # If we dont use HSM, we need the keys on disk
+    if (unless $use_hsm) {
       sunet::snippets::secret_file {"${connector_directory}/credentials/metadata.key":
         hiera_key => 'eidas_metadata_key',
         base64    => true