blob: f3848d233cca7f1e19c2c6fe5673228e3de04558 [file] [log] [blame]
#!/usr/bin/env bash
# A wrapper around real nixops to decrypt GCP secret.
if [ -z "$hscloud_root" ]; then
echo 2>&1 "Please source env.sh"
exit 1
fi
for f in sa.json sa.pem; do
plain="$hscloud_root/gcp/secrets/plain/$f"
cipher="$hscloud_root/gcp/secrets/cipher/$f"
if [ ! -f "$plain" ]; then
secretstore decrypt "$cipher" > "$plain"
fi
done
export GCE_PROJECT="hscloud"
export GCE_SERVICE_ACCOUNT="nixops@hscloud.iam.gserviceaccount.com"
export ACCESS_KEYPATH="$hscloud_root/gcp/secrets/plain/sa.pem"
nixops.bin "$@"