From 4c9da9c6043148e99fabd791a6addccacb17e585 Mon Sep 17 00:00:00 2001
From: Tero Halla-aho <thallaa@gmail.com>
Date: Sat, 20 Dec 2025 21:51:13 +0200
Subject: [PATCH] Allow age key from ~/.config/age or creds/age-key

---
 deploy/build.sh | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/deploy/build.sh b/deploy/build.sh
index 1c3f0b3..f8ff53a 100755
--- a/deploy/build.sh
+++ b/deploy/build.sh
@@ -4,7 +4,21 @@ set -euo pipefail
 cd "$(dirname "$0")/.."
 source deploy/env.sh
 
-AGE_KEY_FILE="${SOPS_AGE_KEY_FILE:-$HOME/.config/age/keys.txt}"
+AGE_KEY_FILE_CANDIDATES=(
+  "${SOPS_AGE_KEY_FILE:-}"
+  "$HOME/.config/age/keys.txt"
+  "$PWD/creds/age-key.txt"
+)
+AGE_KEY_FILE=""
+for candidate in "${AGE_KEY_FILE_CANDIDATES[@]}"; do
+  if [[ -n "$candidate" && -f "$candidate" ]]; then
+    AGE_KEY_FILE="$candidate"
+    break
+  fi
+done
+if [[ -z "$AGE_KEY_FILE" ]]; then
+  AGE_KEY_FILE="$HOME/.config/age/keys.txt"
+fi
 AGE_RECIPIENT="age1hkehkc2rryjl975c2mg5cghmjr54n4wjshncl292h2eg5l394fhs4uydrh"
 ENCRYPTED_SECRETS_FILE="${ENCRYPTED_SECRETS_FILE:-$PWD/creds/secrets.enc.env}"
 
@@ -34,7 +48,7 @@ check_age_setup() {
   require_cmd sops
   local repo_age_key="$PWD/creds/age-key.txt"
   if [[ ! -f "$AGE_KEY_FILE" ]]; then
-    echo "Age key file not found at $AGE_KEY_FILE. Copy creds/age-key.txt or set SOPS_AGE_KEY_FILE." >&2
+    echo "Age key file not found at $AGE_KEY_FILE. Copy $repo_age_key or set SOPS_AGE_KEY_FILE." >&2
     exit 1
   fi
   local has_key="0"