Enhance devcontainer to auto-restore OCI/kubeconfig/bastion config from Codespace secrets

[Copilot]

First-time and post-rebuild setup required multiple interactive manual steps. This adds secrets-based auto-restore so configs are populated automatically on every container start.

New scripts

• restore-from-secrets.sh — reads 6 base64-encoded Codespace secrets, decodes each to its target path with correct permissions. Called automatically via postStartCommand; silent when no secrets are set.
• export-config.sh — encodes existing config files to base64 and prints them with secret-name labels. Run once after initial init-local-oci.sh setup to capture values for storage as secrets.

Secret → file mapping

Secret	Target	Mode
OCI_CLI_CONFIG	~/.oci/config	600
OCI_CLI_PRIVATE_KEY	path from config	600
OCI_KUBECONFIG	~/.kube/config	600
OCI_BASTION_CONFIG	~/.oci/custom-bastion-config	600
OCI_SSH_PRIVATE_KEY	~/.ssh/id_rsa_oci	600
OCI_SSH_PUBLIC_KEY	~/.ssh/id_rsa_oci.pub	644

devcontainer.json

Added postStartCommand to wire auto-restore into the container lifecycle:

"postStartCommand": "/opt/okeutil/restore-from-secrets.sh"

One-time migration

After completing existing init-local-oci.sh setup, run export-config.sh to get the base64 values, store them as Codespace secrets (GitHub → Settings → Secrets and variables → Codespaces), then all future starts/rebuilds require zero manual intervention.

Original prompt

Enhance devcontainer to retain the oci config, kubeconfig and custom baston config:

1. the values should be extracted from secrets to setup when first start the container
2. minimize user manual steps on the setup and restore

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.