mynix/agenix
1
0
Fork 0
mirror of https://github.com/ryantm/agenix.git synced 2024-11-21 17:20:47 +03:00
Code Issues Projects Releases Packages Wiki Activity

Test rekeying via agenix CLI

Browse source 
This test copies the example `secrets.nix` and age files and uses the
user key to rekey them. It compares the hash before and after to ensure
that the age file is actually being changed.
This commit is contained in:
Nathan Henrie 2023-02-16 14:19:42 -07:00
parent 9e361f8b39
commit 0b5c4b8c8f
1 changed files with 14 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
test/integration.nix
View file

@ -64,5 +64,19 @@ pkgs.nixosTest {
system1.send_chars("whoami > /tmp/1\n")
system1.wait_for_file("/tmp/1")
assert "${user}" in system1.succeed("cat /tmp/1")
system1.succeed('cp -a "${../example}/." /tmp/secrets')
system1.succeed('chmod u+w /tmp/secrets/*.age')
before_hash = system1.succeed('sha256sum /tmp/secrets/passwordfile-user1.age').split()
print(system1.succeed('cd /tmp/secrets; agenix -r -i /home/user1/.ssh/id_ed25519'))
after_hash = system1.succeed('sha256sum /tmp/secrets/passwordfile-user1.age').split()
# Ensure we actually have hashes
for h in [before_hash, after_hash]:
assert len(h) == 2, "hash should be [hash, filename]"
assert h[1] == "/tmp/secrets/passwordfile-user1.age", "filename is incorrect"
assert len(h[0].strip()) == 64, "hash length is incorrect"
assert before_hash[0] != after_hash[0], "hash did not change with rekeying"
'';
}