Sergiusz Bazanski | a4b3767 | 2019-05-15 19:23:38 +0200 | [diff] [blame] | 1 | #!/usr/bin/env bash |
| 2 | |
| 3 | # A wrapper around real nixops to decrypt GCP secret. |
| 4 | |
| 5 | if [ -z "$hscloud_root" ]; then |
| 6 | echo 2>&1 "Please source env.sh" |
| 7 | exit 1 |
| 8 | fi |
| 9 | |
Sergiusz Bazanski | cd6d0e7 | 2019-05-17 18:10:23 +0200 | [diff] [blame] | 10 | for f in sa.json sa.pem; do |
| 11 | plain="$hscloud_root/gcp/secrets/plain/$f" |
| 12 | cipher="$hscloud_root/gcp/secrets/cipher/$f" |
Sergiusz Bazanski | a4b3767 | 2019-05-15 19:23:38 +0200 | [diff] [blame] | 13 | if [ ! -f "$plain" ]; then |
| 14 | secretstore decrypt "$cipher" > "$plain" |
| 15 | fi |
| 16 | done |
| 17 | |
Sergiusz Bazanski | cd6d0e7 | 2019-05-17 18:10:23 +0200 | [diff] [blame] | 18 | export GCE_PROJECT="hscloud" |
| 19 | export GCE_SERVICE_ACCOUNT="nixops@hscloud.iam.gserviceaccount.com" |
| 20 | export ACCESS_KEYPATH="$hscloud_root/gcp/secrets/plain/sa.pem" |
| 21 | |
Sergiusz Bazanski | 96c428f | 2019-11-17 19:00:46 +0100 | [diff] [blame] | 22 | ./external/nixops/bin/nixops "$@" |