teidesu/nixfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nixfiles/agenix-edit

66 lines
1.2 KiB
Bash
Executable file
Raw Blame History

#!/usr/bin/env bash
set +euo pipefail
if [ "$1" == "--unsafe" ]; then
is_unsafe=true
shift
else
is_unsafe=false
fi
if [ "$1" == "--cat" ]; then
is_cat=true
shift
else
is_cat=false
fi
name="$1"
script_dir=$(dirname "$(readlink -f "$0")")
if [ "$is_unsafe" == "true" ]; then
name="UNSAFE.$name"
public_key=$(cat "$script_dir/ssh/agenix-unsafe.pub")
else
public_key=$(cat "$script_dir/ssh/agenix.pub")
fi
fullname="$script_dir/secrets/$name.age"
if [ -z "$name" ]; then
echo "Usage: $0 <name>"
exit 1
fi
tempfile="$(mktemp)"
micro_config_dir="$(mktemp -d)"
trap "rm -rf $tempfile $micro_config_dir" EXIT
cat > "$tempfile" <<EOF
{
"$fullname".publicKeys = [ "$public_key" ];
}
EOF
echo '{"eofnewline": false}' > "$micro_config_dir/settings.json"
export MICRO_CONFIG_HOME="$micro_config_dir"
export EDITOR=micro
export RULES="$tempfile"
if [ "$is_unsafe" == "true" ]; then
private_path="$script_dir/secrets/unsafe.key"
else
if [ "$(uname)" == "Darwin" ]; then
private_path="$HOME/.ssh/agenix-key"
else
private_path="/etc/ssh/agenix-key"
fi
fi
if [ "$is_cat" == "true" ]; then
export EDITOR=cat
fi
agenix -e "$fullname" --identity "$private_path"
Reference in a new issue View git blame Copy permalink