From be7bad2c1221f57f4600f732ba31349e8e872a50 Mon Sep 17 00:00:00 2001
From: Ryan Mulligan
Date: Fri, 18 Dec 2020 19:23:47 -0800
Subject: [PATCH 1/2] use only ~/.ssh/id_rsa and ~/.ssh/id_ed25519 for decryption

fixes #5
---
 pkgs/agenix.nix | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/pkgs/agenix.nix b/pkgs/agenix.nix
index cae142a..ec4bcd8 100644
--- a/pkgs/agenix.nix
+++ b/pkgs/agenix.nix
@@ -105,10 +105,12 @@ function edit {
 if [ -f "$FILE" ]
 then
 DECRYPT=("''${DEFAULT_DECRYPT[@]}")
- while IFS= read -r key
- do
- DECRYPT+=(--identity "$key")
- done <<<"$((find ~/.ssh -maxdepth 1 -type f -not -name "*pub" -not -name "config" -not -name "authorized_keys" -not -name "known_hosts") || exit 1)"
+ if [ -f "$HOME/.ssh/id_rsa" ]; then
+ DECRYPT+=(--identity "$HOME/.ssh/id_rsa")
+ fi
+ if [ -f "$HOME/.ssh/id_ed25519" ]; then
+ DECRYPT+=(--identity "$HOME/.ssh/id_ed25519")
+ fi
 DECRYPT+=(-o "$CLEARTEXT_FILE" "$FILE")
 ${ageBin} "''${DECRYPT[@]}" || exit 1
 cp "$CLEARTEXT_FILE" "$CLEARTEXT_FILE.before"

From de625b5298cbe12d970bcdd29c263103b239ad1e Mon Sep 17 00:00:00 2001
From: Ryan Mulligan
Date: Fri, 18 Dec 2020 19:57:48 -0800
Subject: [PATCH 2/2] add friendlier error message in the event of no identity

fixes #6
---
 pkgs/agenix.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkgs/agenix.nix b/pkgs/agenix.nix
index ec4bcd8..d6a5dc0 100644
--- a/pkgs/agenix.nix
+++ b/pkgs/agenix.nix
@@ -111,6 +111,10 @@ function edit {
 if [ -f "$HOME/.ssh/id_ed25519" ]; then
 DECRYPT+=(--identity "$HOME/.ssh/id_ed25519")
 fi
+ if [[ "''${DECRYPT[*]}" != *"--identity"* ]]; then
+ echo "No identity found to decrypt $FILE. Try adding an SSH key at $HOME/.ssh/id_rsa or $HOME/.ssh/id_ed25519 or using the --identity flag to specify a file."
+ exit 1
+ fi
 DECRYPT+=(-o "$CLEARTEXT_FILE" "$FILE")
 ${ageBin} "''${DECRYPT[@]}" || exit 1
 cp "$CLEARTEXT_FILE" "$CLEARTEXT_FILE.before"
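Review bot: The two new `-f` tests only confirm that the key file exists, not that the current user can read it, so an existing but unreadable `id_rsa` or `id_ed25519` is still handed to age and the run fails with age's own error rather than a message from this script; `[ -r "$HOME/.ssh/id_rsa" ]` (and likewise for id_ed25519) keeps the guard aligned with what age actually needs. The two blocks are otherwise identical apart from the file name, and a loop such as `for k in id_rsa id_ed25519; do if [ -r "$HOME/.ssh/$k" ]; then DECRYPT+=(--identity "$HOME/.ssh/$k"); fi; done` makes adding a key type a one-word change. Since the removed `find` used to pass every non-excluded file under `~/.ssh` to age, the narrowing is worth recording above the checks with `# Only the two standard SSH key paths are tried; anything else must be given via --identity.` The enclosing `edit` function starts and ends outside the hunk.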
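Review bot: The diagnostic on the new `echo` line is written to stdout, so when `edit` runs with its output captured or piped the explanation is lost while only the non-zero exit remains; it belongs on stderr, `echo "No identity found to decrypt $FILE. ..." >&2`. The test `[[ "''${DECRYPT[*]}" != *"--identity"* ]]` is a substring match over the joined array, so it is also satisfied by a path that happens to contain the text `--identity`, and whether a user-supplied identity is detected depends on DEFAULT_DECRYPT, which is set outside the hunk, carrying the flag in exactly that spelling. A per-element comparison, `for a in "''${DECRYPT[@]}"; do [ "$a" = --identity ] && found=1; done`, would be exact, though the substring form is acceptable if DEFAULT_DECRYPT is the only other source of identities. The enclosing `edit` function starts and ends outside the hunk.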