#!/usr/bin/env bash | |
# A wrapper around real nixops to decrypt GCP secret. | |
if [ -z "$hscloud_root" ]; then | |
echo 2>&1 "Please source env.sh" | |
exit 1 | |
fi | |
for f in sa.json; do | |
plain="$hscloud_root/gcp/secrets/plain/sa.json" | |
cipher="$hscloud_root/gcp/secrets/cipher/sa.json" | |
if [ ! -f "$plain" ]; then | |
secretstore decrypt "$cipher" > "$plain" | |
fi | |
done | |
nixops.bin "$@" |