Blame - tools/nixops.sh - hscloud

blob: f3848d233cca7f1e19c2c6fe5673228e3de04558 [file] [log] [blame]

Sergiusz Bazanski	a4b3767	2019-05-15 19:23:38 +0200	[diff] [blame]	1	#!/usr/bin/env bash
				2
				3	# A wrapper around real nixops to decrypt GCP secret.
				4
				5	if [ -z "$hscloud_root" ]; then
				6	echo 2>&1 "Please source env.sh"
				7	exit 1
				8	fi
				9
Sergiusz Bazanski	cd6d0e7	2019-05-17 18:10:23 +0200	[diff] [blame]	10	for f in sa.json sa.pem; do
				11	plain="$hscloud_root/gcp/secrets/plain/$f"
				12	cipher="$hscloud_root/gcp/secrets/cipher/$f"
Sergiusz Bazanski	a4b3767	2019-05-15 19:23:38 +0200	[diff] [blame]	13	if [ ! -f "$plain" ]; then
				14	secretstore decrypt "$cipher" > "$plain"
				15	fi
				16	done
				17
Sergiusz Bazanski	cd6d0e7	2019-05-17 18:10:23 +0200	[diff] [blame]	18	export GCE_PROJECT="hscloud"
				19	export GCE_SERVICE_ACCOUNT="nixops@hscloud.iam.gserviceaccount.com"
				20	export ACCESS_KEYPATH="$hscloud_root/gcp/secrets/plain/sa.pem"
				21
Sergiusz Bazanski	a4b3767	2019-05-15 19:23:38 +0200	[diff] [blame]	22	nixops.bin "$@"