Sergiusz Bazanski | a4b3767 | 2019-05-15 19:23:38 +0200 | [diff] [blame^] | 1 | #!/usr/bin/env bash |
2 | |||||
3 | # A wrapper around real nixops to decrypt GCP secret. | ||||
4 | |||||
5 | if [ -z "$hscloud_root" ]; then | ||||
6 | echo 2>&1 "Please source env.sh" | ||||
7 | exit 1 | ||||
8 | fi | ||||
9 | |||||
10 | for f in sa.json; do | ||||
11 | plain="$hscloud_root/gcp/secrets/plain/sa.json" | ||||
12 | cipher="$hscloud_root/gcp/secrets/cipher/sa.json" | ||||
13 | if [ ! -f "$plain" ]; then | ||||
14 | secretstore decrypt "$cipher" > "$plain" | ||||
15 | fi | ||||
16 | done | ||||
17 | |||||
18 | nixops.bin "$@" |