Fail fast if sops keys cannot decrypt secrets
parent
438abe536b
commit
22240e5080
1 changed files with 10 additions and 0 deletions
|
|
@ -6,6 +6,7 @@ source deploy/env.sh
|
||||||
|
|
||||||
AGE_KEY_FILE="${SOPS_AGE_KEY_FILE:-$HOME/.config/age/keys.txt}"
|
AGE_KEY_FILE="${SOPS_AGE_KEY_FILE:-$HOME/.config/age/keys.txt}"
|
||||||
AGE_RECIPIENT="age1hkehkc2rryjl975c2mg5cghmjr54n4wjshncl292h2eg5l394fhs4uydrh"
|
AGE_RECIPIENT="age1hkehkc2rryjl975c2mg5cghmjr54n4wjshncl292h2eg5l394fhs4uydrh"
|
||||||
|
ENCRYPTED_SECRETS_FILE="${ENCRYPTED_SECRETS_FILE:-$PWD/creds/secrets.enc.env}"
|
||||||
|
|
||||||
require_cmd() {
|
require_cmd() {
|
||||||
local cmd="$1"
|
local cmd="$1"
|
||||||
|
|
@ -63,6 +64,15 @@ EOF
|
||||||
fi
|
fi
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
export SOPS_AGE_KEY_FILE="${SOPS_AGE_KEY_FILE:-$AGE_KEY_FILE}"
|
||||||
|
if [[ -f "$ENCRYPTED_SECRETS_FILE" ]]; then
|
||||||
|
if ! sops -d "$ENCRYPTED_SECRETS_FILE" >/dev/null 2>&1; then
|
||||||
|
echo "sops could not decrypt $ENCRYPTED_SECRETS_FILE with the configured keys." >&2
|
||||||
|
echo "Export SOPS_AGE_KEY_FILE to point at the correct key (e.g., creds/age-key.txt)." >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
echo "Running pre-flight checks..."
|
echo "Running pre-flight checks..."
|
||||||
|
|
|
||||||
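Review bot: The added decrypt check discards sops' stderr (`>/dev/null 2>&1`), so every failure is reported as a key problem even when the cause is different, for example a malformed or modified file that fails sops' message authentication check. Keep stdout discarded so plaintext is never printed, but capture and relay the diagnostic: `if ! err=$(sops -d "$ENCRYPTED_SECRETS_FILE" 2>&1 >/dev/null); then` followed by `printf '%s\n' "$err" >&2`. The `[[ -f "$ENCRYPTED_SECRETS_FILE" ]]` guard also skips the check silently when the file is absent, and the default path depends on `$PWD`, so a run from another directory would pass the pre-flight without testing anything; a one-line notice on the skip path would make that visible. The hint names `creds/age-key.txt`; if a private age key really is kept beside the encrypted file, confirm it is git-ignored and readable only by its owner. The enclosing function starts above the hunk, so whether `sops` is already covered by `require_cmd` cannot be seen from here.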