From 0b20c5c99f9e964370d4f4ca663990ed56a14c7c Mon Sep 17 00:00:00 2001
From: Katrina Rogan <katroganGH@gmail.com>
Date: Tue, 9 Aug 2022 12:25:46 -0700
Subject: [PATCH] Read client secret from env var first since the location has
 a default  (#312)

Signed-off-by: Katrina Rogan <katroganGH@gmail.com>
---
 clients/go/admin/token_source_provider.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/clients/go/admin/token_source_provider.go b/clients/go/admin/token_source_provider.go
index fd669e3f27..0a426bbfcb 100644
--- a/clients/go/admin/token_source_provider.go
+++ b/clients/go/admin/token_source_provider.go
@@ -136,15 +136,15 @@ type ClientCredentialsTokenSourceProvider struct {
 func NewClientCredentialsTokenSourceProvider(ctx context.Context, cfg *Config,
 	clientMetadata *service.PublicClientAuthConfigResponse, tokenURL string) (TokenSourceProvider, error) {
 	var secret string
-	if len(cfg.ClientSecretLocation) > 0 {
+	if len(cfg.ClientSecretEnvVar) > 0 {
+		secret = os.Getenv(cfg.ClientSecretEnvVar)
+	} else if len(cfg.ClientSecretLocation) > 0 {
 		secretBytes, err := ioutil.ReadFile(cfg.ClientSecretLocation)
 		if err != nil {
 			logger.Errorf(ctx, "Error reading secret from location %s", cfg.ClientSecretLocation)
 			return nil, err
 		}
 		secret = string(secretBytes)
-	} else if len(cfg.ClientSecretEnvVar) > 0 {
-		secret = os.Getenv(cfg.ClientSecretEnvVar)
 	}
 	secret = strings.TrimSpace(secret)