Merge pull request #7 from ryantm/issue5

use only ~/.ssh/id_rsa and ~/.ssh/id_ed25519 for decryption; friendlier error message when no identity
Ryan Mulligan 2020-12-18 20:07:22 -08:00 committed by GitHub
commit 092ba8b166
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 4 deletions


@ -105,10 +105,16 @@ function edit {
if [ -f "$FILE" ]
then
DECRYPT=("''${DEFAULT_DECRYPT[@]}")
while IFS= read -r key
do
DECRYPT+=(--identity "$key")
done <<<"$((find ~/.ssh -maxdepth 1 -type f -not -name "*pub" -not -name "config" -not -name "authorized_keys" -not -name "known_hosts") || exit 1)"
if [ -f "$HOME/.ssh/id_rsa" ]; then
DECRYPT+=(--identity "$HOME/.ssh/id_rsa")
fi
if [ -f "$HOME/.ssh/id_ed25519" ]; then
DECRYPT+=(--identity "$HOME/.ssh/id_ed25519")
fi
if [[ "''${DECRYPT[*]}" != *"--identity"* ]]; then
echo "No identity found to decrypt $FILE. Try adding an SSH key at $HOME/.ssh/id_rsa or $HOME/.ssh/id_ed25519 or using the --identity flag to specify a file."
exit 1
fi
DECRYPT+=(-o "$CLEARTEXT_FILE" "$FILE")
${ageBin} "''${DECRYPT[@]}" || exit 1
cp "$CLEARTEXT_FILE" "$CLEARTEXT_FILE.before"
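Review bot: The no-identity guard `[[ "''${DECRYPT[*]}" != *"--identity"* ]]` is a substring match over the joined argument array, so it passes whenever any argument (for example a file path) merely contains the text `--identity`. It would also report "No identity found" if an identity reached the array in age's short `-i` form; how DEFAULT_DECRYPT is populated is outside this hunk, so that case should be checked against the option parsing. Comparing exact elements in a loop over `"''${DECRYPT[@]}"`, or setting a flag variable wherever an identity is appended, would make the check reliable. The error message is also printed to stdout; appending `>&2` to that `echo` keeps it out of captured output. The enclosing `edit` function starts and ends outside the hunk.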