| #!/usr/bin/env bash |
| |
| # A wrapper around real nixops to decrypt GCP secret. |
| |
| if [ -z "$hscloud_root" ]; then |
| echo 2>&1 "Please source env.sh" |
| exit 1 |
| fi |
| |
| for f in sa.json sa.pem; do |
| plain="$hscloud_root/gcp/secrets/plain/$f" |
| cipher="$hscloud_root/gcp/secrets/cipher/$f" |
| if [ ! -f "$plain" ]; then |
| secretstore decrypt "$cipher" > "$plain" |
| fi |
| done |
| |
| export GCE_PROJECT="hscloud" |
| export GCE_SERVICE_ACCOUNT="nixops@hscloud.iam.gserviceaccount.com" |
| export ACCESS_KEYPATH="$hscloud_root/gcp/secrets/plain/sa.pem" |
| |
| ./external/nixops/bin/nixops "$@" |