
use unstable verison of rage in place of age

* age limits the number of recipients to 20
* the latest release of rage (0.4.0) doesn't work with ssh-rsa keys
Ryan Mulligan 2020-09-18 11:59:01 -07:00
parent d2dc883f3a
commit 07ce686870
5 changed files with 74 additions and 19 deletions


@ -1,4 +1,8 @@
{writeShellScriptBin, runtimeShell, age} :
{writeShellScriptBin, runtimeShell, pkgs} :
let
rage = pkgs.callPackage ./rage.nix {};
ageBin = "${rage}/bin/rage";
in
writeShellScriptBin "agenix" ''
set -Eeuo pipefail
@ -103,7 +107,7 @@ function edit {
DECRYPT+=(--identity "$key")
done <<<"$((find ~/.ssh -maxdepth 1 -type f -not -name "*pub" -not -name "config" -not -name "authorized_keys" -not -name "known_hosts") || exit 1)"
DECRYPT+=(-o "$CLEARTEXT_FILE" "$FILE")
${age}/bin/age "''${DECRYPT[@]}" || exit 1
${ageBin} "''${DECRYPT[@]}" || exit 1
cp "$CLEARTEXT_FILE" "$CLEARTEXT_FILE.before"
fi
@ -127,7 +131,7 @@ function edit {
ENCRYPT+=(-o "$REENCRYPTED_FILE")
${age}/bin/age "''${ENCRYPT[@]}" <"$CLEARTEXT_FILE" || exit 1
${ageBin} "''${ENCRYPT[@]}" <"$CLEARTEXT_FILE" || exit 1
mv -f "$REENCRYPTED_FILE" "$1"
}
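Review bot: The new `let` block at the top of the file swaps the encryption tool for an unreleased build from `./rage.nix` without a comment recording why, and it widens the argument from `age` to the whole `pkgs` set, so a caller can no longer substitute the binary through the function's arguments. I would add a comment above `rage = pkgs.callPackage ./rage.nix {};`, for example `# unreleased rage: age limits recipients to 20 and rage 0.4.0 doesn't work with ssh-rsa keys; go back to a tagged release once one handles both`, so the pin gets revisited. `./rage.nix` is not visible here; since this binary decrypts and re-encrypts every secret, it should presumably fix an exact revision and source hash rather than follow a branch, which is worth confirming. The two call sites in `edit` only substitute `${ageBin}`, and the body of `edit` extends beyond the hunks shown.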