thalla/lomavuokraus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
lomavuokraus/scripts/load-secrets.sh
Tero Halla-aho 728cb73faf Wire sops+age for secrets
2025-12-11 13:37:55 +02:00

31 lines
835 B
Bash
Raw Blame History

#!/usr/bin/env bash
# Shell helper to export secrets from a single dotenv file.
# Usage: source scripts/load-secrets.sh
set -euo pipefail
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
SECRETS_FILE="${SECRETS_FILE:-$ROOT_DIR/creds/secrets.env}"
ENCRYPTED_FILE="${ENCRYPTED_FILE:-$ROOT_DIR/creds/secrets.enc.env}"
ensure_decrypted() {
if [[ -f "$SECRETS_FILE" ]]; then
return 0
fi
if [[ -f "$ENCRYPTED_FILE" ]]; then
if command -v sops >/dev/null 2>&1; then
echo "Decrypting $ENCRYPTED_FILE -> $SECRETS_FILE"
sops -d "$ENCRYPTED_FILE" >"$SECRETS_FILE"
else
echo "sops not found and $SECRETS_FILE is missing. Install sops or set SECRETS_FILE." >&2
return 1
fi
fi
}
ensure_decrypted || exit 0
echo "Loading secrets from $SECRETS_FILE"
set -a
source "$SECRETS_FILE"
set +a
Reference in a new issue View git blame Copy permalink