feat: Add support for Vault namespaces to Vault modules (#554)

## Description

Adds support for accessing auth mounts/secret engines located in a non
root namespace. Namespaces is a feature of Vault Enterprise.

## Type of Change

- [ ] New module
- [ ] New template
- [ ] Bug fix
- [x] Feature/enhancement
- [ ] Documentation
- [ ] Other

## Module Information

**Path:** `registry/coder/modules/vault-github`  
**New version:** `v1.1.0`  
**Breaking change:** [ ] Yes [x] No

**Path:** `registry/coder/modules/vault-jwt`  
**New version:** `v1.2.0`  
**Breaking change:** [ ] Yes [x] No

**Path:** `registry/coder/modules/vault-token`  
**New version:** `v1.3.0`  
**Breaking change:** [ ] Yes [x] No

## Testing & Validation

- [x] Tests pass (`bun test`)
- [x] Code formatted (`bun fmt`)
- [x] Changes tested locally

## Related Issues

None

---------

Co-authored-by: DevCats <christofer@coder.com>

.github/scripts/version-bump.sh

@@ -70,21 +70,38 @@ update_readme_version() {
   if grep -q "source.*${module_source}" "$readme_path"; then
     echo "Updating version references for $namespace/$module_name in $readme_path"
     awk -v module_source="$module_source" -v new_version="$new_version" '
-        /source.*=.*/ {
-          if ($0 ~ module_source) {
-            in_target_module = 1
-          } else {
-            in_target_module = 0
-          }
+        /^[[:space:]]*module[[:space:]]/ {
+          in_module_block = 1
+          module_content = $0 "\n"
+          module_has_target_source = 0
+          next
         }
-        /^[[:space:]]*version[[:space:]]*=/ {
-          if (in_target_module) {
-            match($0, /^[[:space]]*/
-            indent = substr($0, 1, RLENGTH)
-            print indent "version = \"" new_version "\""
-            in_target_module = 0
+        in_module_block {
+          module_content = module_content $0 "\n"
+          if ($0 ~ /source.*=/ && $0 ~ module_source) {
+            module_has_target_source = 1
+          }
+          if ($0 ~ /^[[:space:]]*}[[:space:]]*$/) {
+            in_module_block = 0
+            if (module_has_target_source) {
+              num_lines = split(module_content, lines, "\n")
+              for (i = 1; i <= num_lines; i++) {
+                line = lines[i]
+                if (line ~ /^[[:space:]]*version[[:space:]]*=/) {
+                  match(line, /^[[:space:]]*/)
+                  indent = substr(line, 1, RLENGTH)
+                  printf "%sversion = \"%s\"\n", indent, new_version
+                } else {
+                  print line
+                }
+              }
+            } else {
+              printf "%s", module_content
+            }
+            module_content = ""
             next
           }
+          next
         }
         { print }
         ' "$readme_path" > "${readme_path}.tmp" && mv "${readme_path}.tmp" "$readme_path"

registry/coder/modules/claude-code/README.md

@@ -13,7 +13,7 @@ Run the [Claude Code](https://docs.anthropic.com/en/docs/agents-and-tools/claude
 ```tf
 module "claude-code" {
   source         = "registry.coder.com/coder/claude-code/coder"
-  version        = "4.0.1"
+  version        = "4.2.0"
   agent_id       = coder_agent.example.id
   workdir        = "/home/coder/project"
   claude_api_key = "xxxx-xxxxx-xxxx"
@@ -70,7 +70,7 @@ data "coder_parameter" "ai_prompt" {
 
 module "claude-code" {
   source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "4.0.1"
+  version  = "4.2.0"
   agent_id = coder_agent.example.id
   workdir  = "/home/coder/project"
 
@@ -106,7 +106,7 @@ Run and configure Claude Code as a standalone CLI in your workspace.
 ```tf
 module "claude-code" {
   source              = "registry.coder.com/coder/claude-code/coder"
-  version             = "4.0.1"
+  version             = "4.2.0"
   agent_id            = coder_agent.example.id
   workdir             = "/home/coder"
   install_claude_code = true
@@ -129,7 +129,7 @@ variable "claude_code_oauth_token" {
 
 module "claude-code" {
   source                  = "registry.coder.com/coder/claude-code/coder"
-  version                 = "4.0.1"
+  version                 = "4.2.0"
   agent_id                = coder_agent.example.id
   workdir                 = "/home/coder/project"
   claude_code_oauth_token = var.claude_code_oauth_token
@@ -202,7 +202,7 @@ resource "coder_env" "bedrock_api_key" {
 
 module "claude-code" {
   source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "4.0.1"
+  version  = "4.2.0"
   agent_id = coder_agent.example.id
   workdir  = "/home/coder/project"
   model    = "global.anthropic.claude-sonnet-4-5-20250929-v1:0"
@@ -259,7 +259,7 @@ resource "coder_env" "google_application_credentials" {
 
 module "claude-code" {
   source   = "registry.coder.com/coder/claude-code/coder"
-  version  = "4.0.1"
+  version  = "4.2.0"
   agent_id = coder_agent.example.id
   workdir  = "/home/coder/project"
   model    = "claude-sonnet-4@20250514"

registry/coder/modules/claude-code/main.tf

@@ -114,6 +114,12 @@ variable "claude_code_version" {
   default     = "latest"
 }
 
+variable "disable_autoupdater" {
+  type        = bool
+  description = "Disable Claude Code automatic updates. When true, Claude Code will stay on the installed version."
+  default     = false
+}
+
 variable "claude_api_key" {
   type        = string
   description = "The API key to use for the Claude Code server."
@@ -240,6 +246,12 @@ variable "boundary_pprof_port" {
   default     = "6067"
 }
 
+variable "compile_boundary_from_source" {
+  type        = bool
+  description = "Whether to compile boundary from source instead of using the official install script"
+  default     = false
+}
+
 resource "coder_env" "claude_code_md_path" {
   count = var.claude_md_path == "" ? 0 : 1
 
@@ -268,6 +280,14 @@ resource "coder_env" "claude_api_key" {
   value    = var.claude_api_key
 }
 
+resource "coder_env" "disable_autoupdater" {
+  count = var.disable_autoupdater ? 1 : 0
+
+  agent_id = var.agent_id
+  name     = "DISABLE_AUTOUPDATER"
+  value    = "1"
+}
+
 locals {
   # we have to trim the slash because otherwise coder exp mcp will
   # set up an invalid claude config
@@ -357,6 +377,7 @@ module "agentapi" {
      ARG_BOUNDARY_PROXY_PORT='${var.boundary_proxy_port}' \
      ARG_ENABLE_BOUNDARY_PPROF='${var.enable_boundary_pprof}' \
      ARG_BOUNDARY_PPROF_PORT='${var.boundary_pprof_port}' \
+     ARG_COMPILE_FROM_SOURCE='${var.compile_boundary_from_source}' \
      ARG_CODER_HOST='${local.coder_host}' \
      /tmp/start.sh
    EOT

registry/coder/modules/claude-code/scripts/start.sh

@@ -28,6 +28,7 @@ ARG_BOUNDARY_LOG_LEVEL=${ARG_BOUNDARY_LOG_LEVEL:-"WARN"}
 ARG_BOUNDARY_PROXY_PORT=${ARG_BOUNDARY_PROXY_PORT:-"8087"}
 ARG_ENABLE_BOUNDARY_PPROF=${ARG_ENABLE_BOUNDARY_PPROF:-false}
 ARG_BOUNDARY_PPROF_PORT=${ARG_BOUNDARY_PPROF_PORT:-"6067"}
+ARG_COMPILE_FROM_SOURCE=${ARG_COMPILE_FROM_SOURCE:-false}
 ARG_CODER_HOST=${ARG_CODER_HOST:-}
 
 echo "--------------------------------"
@@ -45,6 +46,7 @@ printf "ARG_BOUNDARY_VERSION: %s\n" "$ARG_BOUNDARY_VERSION"
 printf "ARG_BOUNDARY_LOG_DIR: %s\n" "$ARG_BOUNDARY_LOG_DIR"
 printf "ARG_BOUNDARY_LOG_LEVEL: %s\n" "$ARG_BOUNDARY_LOG_LEVEL"
 printf "ARG_BOUNDARY_PROXY_PORT: %s\n" "$ARG_BOUNDARY_PROXY_PORT"
+printf "ARG_COMPILE_FROM_SOURCE: %s\n" "$ARG_COMPILE_FROM_SOURCE"
 printf "ARG_CODER_HOST: %s\n" "$ARG_CODER_HOST"
 
 echo "--------------------------------"
@@ -63,11 +65,25 @@ case $session_cleanup_exit_code in
 esac
 
 function install_boundary() {
-  # Install boundary from public github repo
-  git clone https://github.com/coder/boundary
-  cd boundary
-  git checkout $ARG_BOUNDARY_VERSION
-  go install ./cmd/...
+  if [ "${ARG_COMPILE_FROM_SOURCE:-false}" = "true" ]; then
+    # Install boundary by compiling from source
+    echo "Compiling boundary from source (version: $ARG_BOUNDARY_VERSION)"
+    git clone https://github.com/coder/boundary.git
+    cd boundary
+    git checkout "$ARG_BOUNDARY_VERSION"
+
+    # Build the binary
+    make build
+
+    # Install binary and wrapper script (optional)
+    sudo cp boundary /usr/local/bin/
+    sudo cp scripts/boundary-wrapper.sh /usr/local/bin/boundary-run
+    sudo chmod +x /usr/local/bin/boundary-run
+  else
+    # Install boundary using official install script
+    echo "Installing boundary using official install script (version: $ARG_BOUNDARY_VERSION)"
+    curl -fsSL https://raw.githubusercontent.com/coder/boundary/main/install.sh | bash -s -- --version "$ARG_BOUNDARY_VERSION"
+  fi
 }
 
 function validate_claude_installation() {
@@ -209,9 +225,8 @@ function start_agentapi() {
       BOUNDARY_ARGS+=(--pprof-port ${ARG_BOUNDARY_PPROF_PORT})
     fi
 
-    agentapi server --allowed-hosts="*" --type claude --term-width 67 --term-height 1190 -- \
-      sudo -E env PATH=$PATH setpriv --reuid=$(id -u) --regid=$(id -g) --clear-groups \
-      --inh-caps=+net_admin --ambient-caps=+net_admin --bounding-set=+net_admin boundary "${BOUNDARY_ARGS[@]}" -- \
+    agentapi server --type claude --term-width 67 --term-height 1190 -- \
+      boundary-run "${BOUNDARY_ARGS[@]}" -- \
       claude "${ARGS[@]}"
   else
     agentapi server --type claude --term-width 67 --term-height 1190 -- claude "${ARGS[@]}"

registry/coder/modules/jfrog-oauth/README.md

@@ -16,7 +16,7 @@ Install the JF CLI and authenticate package managers with Artifactory using OAut
 module "jfrog" {
   count          = data.coder_workspace.me.start_count
   source         = "registry.coder.com/coder/jfrog-oauth/coder"
-  version        = "1.2.1"
+  version        = "1.2.2"
   agent_id       = coder_agent.example.id
   jfrog_url      = "https://example.jfrog.io"
   username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username"
@@ -39,6 +39,15 @@ module "jfrog" {
 
 This module is usable by JFrog self-hosted (on-premises) Artifactory as it requires configuring a custom integration. This integration benefits from Coder's [external-auth](https://coder.com/docs/v2/latest/admin/external-auth) feature and allows each user to authenticate with Artifactory using an OAuth flow and issues user-scoped tokens to each user. For configuration instructions, see this [guide](https://coder.com/docs/v2/latest/guides/artifactory-integration#jfrog-oauth) on the Coder documentation.
 
+## Username Handling
+
+The module automatically extracts your JFrog username directly from the OAuth token's JWT payload. This preserves special characters like dots (`.`), hyphens (`-`), and accented characters that Coder normalizes in usernames.
+
+**Priority order:**
+
+1. **JWT extraction** (default) - Extracts username from OAuth token, preserving special characters
+2. **Fallback to `username_field`** - If JWT extraction fails, uses Coder username or email
+
 ## Examples
 
 Configure the Python pip package manager to fetch packages from Artifactory while mapping the Coder email to the Artifactory username.
@@ -47,7 +56,7 @@ Configure the Python pip package manager to fetch packages from Artifactory whil
 module "jfrog" {
   count          = data.coder_workspace.me.start_count
   source         = "registry.coder.com/coder/jfrog-oauth/coder"
-  version        = "1.2.1"
+  version        = "1.2.2"
   agent_id       = coder_agent.example.id
   jfrog_url      = "https://example.jfrog.io"
   username_field = "email"
@@ -76,7 +85,7 @@ The [JFrog extension](https://open-vsx.org/extension/JFrog/jfrog-vscode-extensio
 module "jfrog" {
   count                 = data.coder_workspace.me.start_count
   source                = "registry.coder.com/coder/jfrog-oauth/coder"
-  version               = "1.2.1"
+  version               = "1.2.2"
   agent_id              = coder_agent.example.id
   jfrog_url             = "https://example.jfrog.io"
   username_field        = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username"

registry/coder/modules/jfrog-oauth/main.tf

@@ -76,8 +76,27 @@ variable "package_managers" {
 }
 
 locals {
-  # The username field to use for artifactory
-  username   = var.username_field == "email" ? data.coder_workspace_owner.me.email : data.coder_workspace_owner.me.name
+  jwt_parts   = try(split(".", data.coder_external_auth.jfrog.access_token), [])
+  jwt_payload = try(local.jwt_parts[1], "")
+  payload_padding = local.jwt_payload == "" ? "" : (
+    length(local.jwt_payload) % 4 == 0 ? "" :
+    length(local.jwt_payload) % 4 == 2 ? "==" :
+    length(local.jwt_payload) % 4 == 3 ? "=" :
+    ""
+  )
+
+  jwt_username = try(
+    regex(
+      "/users/([^/]+)",
+      jsondecode(base64decode("${local.jwt_payload}${local.payload_padding}"))["sub"]
+    )[0],
+    ""
+  )
+
+  username = coalesce(
+    local.jwt_username != "" ? local.jwt_username : null,
+    var.username_field == "email" ? data.coder_workspace_owner.me.email : data.coder_workspace_owner.me.name
+  )
   jfrog_host = split("://", var.jfrog_url)[1]
   common_values = {
     JFROG_URL                = var.jfrog_url

registry/coder/modules/vault-github/README.md

@@ -14,7 +14,7 @@ This module lets you authenticate with [Hashicorp Vault](https://www.vaultprojec
 module "vault" {
   count      = data.coder_workspace.me.start_count
   source     = "registry.coder.com/coder/vault-github/coder"
-  version    = "1.0.31"
+  version    = "1.1.0"
   agent_id   = coder_agent.example.id
   vault_addr = "https://vault.example.com"
 }
@@ -46,7 +46,7 @@ To configure the Vault module, you must set up a Vault GitHub auth method. See t
 module "vault" {
   count                = data.coder_workspace.me.start_count
   source               = "registry.coder.com/coder/vault-github/coder"
-  version              = "1.0.31"
+  version              = "1.1.0"
   agent_id             = coder_agent.example.id
   vault_addr           = "https://vault.example.com"
   coder_github_auth_id = "my-github-auth-id"
@@ -59,7 +59,7 @@ module "vault" {
 module "vault" {
   count                  = data.coder_workspace.me.start_count
   source                 = "registry.coder.com/coder/vault-github/coder"
-  version                = "1.0.31"
+  version                = "1.1.0"
   agent_id               = coder_agent.example.id
   vault_addr             = "https://vault.example.com"
   coder_github_auth_id   = "my-github-auth-id"
@@ -73,7 +73,7 @@ module "vault" {
 module "vault" {
   count             = data.coder_workspace.me.start_count
   source            = "registry.coder.com/coder/vault-github/coder"
-  version           = "1.0.31"
+  version           = "1.1.0"
   agent_id          = coder_agent.example.id
   vault_addr        = "https://vault.example.com"
   vault_cli_version = "1.15.0"

registry/coder/modules/vault-github/main.tf

@@ -32,6 +32,12 @@ variable "vault_github_auth_path" {
   default     = "github"
 }
 
+variable "vault_namespace" {
+  type        = string
+  description = "The Vault Enterprise namespace that contains the GitHub auth mount."
+  default     = null
+}
+
 variable "vault_cli_version" {
   type        = string
   description = "The version of Vault to install."
@@ -52,6 +58,7 @@ resource "coder_script" "vault" {
     AUTH_PATH : var.vault_github_auth_path,
     GITHUB_EXTERNAL_AUTH_ID : data.coder_external_auth.github.id,
     INSTALL_VERSION : var.vault_cli_version,
+    VAULT_NAMESPACE : var.vault_namespace != null ? var.vault_namespace : "",
   })
   run_on_start       = true
   start_blocks_login = true
@@ -63,6 +70,13 @@ resource "coder_env" "vault_addr" {
   value    = var.vault_addr
 }
 
+resource "coder_env" "vault_namespace" {
+  count    = var.vault_namespace == null ? 0 : 1
+  agent_id = var.agent_id
+  name     = "VAULT_NAMESPACE"
+  value    = var.vault_namespace
+}
+
 data "coder_external_auth" "github" {
   id = var.coder_github_auth_id
 }

registry/coder/modules/vault-github/run.sh

@@ -4,6 +4,7 @@
 INSTALL_VERSION=${INSTALL_VERSION}
 GITHUB_EXTERNAL_AUTH_ID=${GITHUB_EXTERNAL_AUTH_ID}
 AUTH_PATH=${AUTH_PATH}
+VAULT_NAMESPACE=${VAULT_NAMESPACE}
 
 fetch() {
   dest="$1"
@@ -104,6 +105,11 @@ if ! (
 fi
 rm -rf "$TMP"
 
+if [ -n "$${VAULT_NAMESPACE}" ]; then
+  export VAULT_NAMESPACE
+  printf "📁 Using Vault namespace: %s\n\n" "$${VAULT_NAMESPACE}"
+fi
+
 # Authenticate with Vault
 printf "🔑 Authenticating with Vault ...\n\n"
 GITHUB_TOKEN=$(coder external-auth access-token "$${GITHUB_EXTERNAL_AUTH_ID}")

registry/coder/modules/vault-jwt/README.md

@@ -14,7 +14,7 @@ This module lets you authenticate with [Hashicorp Vault](https://www.vaultprojec
 module "vault" {
   count           = data.coder_workspace.me.start_count
   source          = "registry.coder.com/coder/vault-jwt/coder"
-  version         = "1.1.1"
+  version         = "1.2.0"
   agent_id        = coder_agent.example.id
   vault_addr      = "https://vault.example.com"
   vault_jwt_role  = "coder"                # The Vault role to use for authentication
@@ -42,7 +42,7 @@ curl -H "X-Vault-Token: ${VAULT_TOKEN}" -X GET "${VAULT_ADDR}/v1/coder/secrets/d
 module "vault" {
   count               = data.coder_workspace.me.start_count
   source              = "registry.coder.com/coder/vault-jwt/coder"
-  version             = "1.1.1"
+  version             = "1.2.0"
   agent_id            = coder_agent.example.id
   vault_addr          = "https://vault.example.com"
   vault_jwt_auth_path = "oidc"
@@ -58,7 +58,7 @@ data "coder_workspace_owner" "me" {}
 module "vault" {
   count          = data.coder_workspace.me.start_count
   source         = "registry.coder.com/coder/vault-jwt/coder"
-  version        = "1.1.1"
+  version        = "1.2.0"
   agent_id       = coder_agent.example.id
   vault_addr     = "https://vault.example.com"
   vault_jwt_role = data.coder_workspace_owner.me.groups[0]
@@ -71,7 +71,7 @@ module "vault" {
 module "vault" {
   count             = data.coder_workspace.me.start_count
   source            = "registry.coder.com/coder/vault-jwt/coder"
-  version           = "1.1.1"
+  version           = "1.2.0"
   agent_id          = coder_agent.example.id
   vault_addr        = "https://vault.example.com"
   vault_jwt_role    = "coder" # The Vault role to use for authentication
@@ -132,7 +132,7 @@ resource "jwt_signed_token" "vault" {
 module "vault" {
   count           = data.coder_workspace.me.start_count
   source          = "registry.coder.com/coder/vault-jwt/coder"
-  version         = "1.1.1"
+  version         = "1.2.0"
   agent_id        = coder_agent.example.id
   vault_addr      = "https://vault.example.com"
   vault_jwt_role  = "coder" # The Vault role to use for authentication

registry/coder/modules/vault-jwt/main.tf

@@ -38,6 +38,12 @@ variable "vault_jwt_role" {
   description = "The name of the Vault role to use for authentication."
 }
 
+variable "vault_namespace" {
+  type        = string
+  description = "The Vault Enterprise namespace that contains the JWT auth mount."
+  default     = null
+}
+
 variable "vault_cli_version" {
   type        = string
   description = "The version of Vault to install."
@@ -57,6 +63,7 @@ resource "coder_script" "vault" {
     VAULT_JWT_AUTH_PATH : var.vault_jwt_auth_path,
     VAULT_JWT_ROLE : var.vault_jwt_role,
     VAULT_CLI_VERSION : var.vault_cli_version,
+    VAULT_NAMESPACE : var.vault_namespace != null ? var.vault_namespace : "",
   })
   run_on_start       = true
   start_blocks_login = true
@@ -68,4 +75,11 @@ resource "coder_env" "vault_addr" {
   value    = var.vault_addr
 }
 
+resource "coder_env" "vault_namespace" {
+  count    = var.vault_namespace == null ? 0 : 1
+  agent_id = var.agent_id
+  name     = "VAULT_NAMESPACE"
+  value    = var.vault_namespace
+}
+
 data "coder_workspace_owner" "me" {}

registry/coder/modules/vault-jwt/run.sh

@@ -4,6 +4,7 @@
 VAULT_CLI_VERSION=${VAULT_CLI_VERSION}
 VAULT_JWT_AUTH_PATH=${VAULT_JWT_AUTH_PATH}
 VAULT_JWT_ROLE=${VAULT_JWT_ROLE}
+VAULT_NAMESPACE=${VAULT_NAMESPACE}
 CODER_OIDC_ACCESS_TOKEN=${CODER_OIDC_ACCESS_TOKEN}
 
 fetch() {
@@ -105,6 +106,11 @@ if ! (
 fi
 rm -rf "$TMP"
 
+if [ -n "$${VAULT_NAMESPACE}" ]; then
+  export VAULT_NAMESPACE
+  printf "📁 Using Vault namespace: %s\n\n" "$${VAULT_NAMESPACE}"
+fi
+
 # Authenticate with Vault
 printf "🔑 Authenticating with Vault ...\n\n"
 echo "$${CODER_OIDC_ACCESS_TOKEN}" | vault write -field=token auth/"$${VAULT_JWT_AUTH_PATH}"/login role="$${VAULT_JWT_ROLE}" jwt=- | vault login -

registry/coder/modules/vault-token/README.md

@@ -19,7 +19,7 @@ variable "vault_token" {
 
 module "vault" {
   source          = "registry.coder.com/coder/vault-token/coder"
-  version         = "1.2.2"
+  version         = "1.3.0"
   agent_id        = coder_agent.example.id
   vault_token     = var.token # optional
   vault_addr      = "https://vault.example.com"
@@ -73,7 +73,7 @@ variable "vault_token" {
 
 module "vault" {
   source            = "registry.coder.com/coder/vault-token/coder"
-  version           = "1.2.2"
+  version           = "1.3.0"
   agent_id          = coder_agent.example.id
   vault_addr        = "https://vault.example.com"
   vault_token       = var.token

registry/coder/modules/vault-token/main.tf

@@ -50,6 +50,7 @@ resource "coder_script" "vault" {
   icon         = "/icon/vault.svg"
   script = templatefile("${path.module}/run.sh", {
     INSTALL_VERSION : var.vault_cli_version,
+    VAULT_NAMESPACE : var.vault_namespace != null ? var.vault_namespace : "",
   })
   run_on_start       = true
   start_blocks_login = true
@@ -73,4 +74,4 @@ resource "coder_env" "vault_namespace" {
   agent_id = var.agent_id
   name     = "VAULT_NAMESPACE"
   value    = var.vault_namespace
-}
+}

registry/coder/modules/vault-token/run.sh

@@ -2,6 +2,7 @@
 
 # Convert all templated variables to shell variables
 INSTALL_VERSION=${INSTALL_VERSION}
+VAULT_NAMESPACE=${VAULT_NAMESPACE}
 
 fetch() {
   dest="$1"
@@ -101,3 +102,8 @@ if ! (
   exit 1
 fi
 rm -rf "$TMP"
+
+if [ -n "$${VAULT_NAMESPACE}" ]; then
+  export VAULT_NAMESPACE
+  printf "📁 Using Vault namespace: %s\n\n" "$${VAULT_NAMESPACE}"
+fi

registry/nataindata/modules/apache-airflow/README.md

@@ -3,7 +3,7 @@ display_name: airflow
 description: A module that adds Apache Airflow in your Coder template
 icon: ../../../../.icons/airflow.svg
 maintainer_github: nataindata
-verified: true
+verified: false
 tags: [airflow, ide, web]
 ---
 

registry/umair/modules/digitalocean-region/README.md

@@ -2,7 +2,7 @@
 display_name: DigitalOcean Region
 description: A parameter with human region names and icons
 icon: ../../../../.icons/digital-ocean.svg
-verified: true
+verified: false
 tags: [helper, parameter, digitalocean, regions]
 ---