mynix/agenix
1
0
Fork 0
mirror of https://github.com/ryantm/agenix.git synced 2024-11-01 08:39:54 +03:00
Code Issues Projects Releases Packages Wiki Activity
314 commits 4 branches 12 tags 597 KiB
Commit graph

55 commits

Author SHA1 Message Date
Nathan Henrie
c2fc0762bb
Merge pull request #241 from sternenseemann/nix-2.3-install-check 
agenix: fix installCheckPhase with Nix 2.3
 2024-05-24 08:40:46 -06:00
Ellis Gibbons
2c1d1fb134
fix: allow for newlines in keys 2024-04-12 17:50:07 -04:00
sternenseemann
1746e4f5ec agenix: fix installCheckPhase with Nix 2.3 
As opposed to e.g. Nix 2.18, Nix 2.3 doesn't try to create a fallback
store in $HOME if $NIX_STORE_DIR and $NIX_STATE_DIR aren't writable.
 2024-02-01 13:30:22 +01:00
Ryan Mulligan
a23aa271be dev: reland add direct tests for agenix 
Why
===
* We'd like some tests for the CLI
* Last time we tried it failed on macos

What changed
===
* This time, we try to create the temp diretory in a way that works
with macos too
 2023-12-23 14:47:15 -08:00
Ryan Mulligan
bc24f2e510 Revert "Revert "contrib: add direct tests for agenix "" 
This reverts commit 08dc5068e6.
 2023-12-23 14:43:03 -08:00
Ryan Mulligan
5c1198a352 feat: switch from rage to age 
Why
===
* Someone said age works better with password protected keys,
requiring entering the password less often.
* We switched to rage from age in
07ce686870
because it was limiting recipients to 20. This was fixed
https://github.com/FiloSottile/age/issues/139

What changed
===
* Switch from rage back to age (the reference implementation) in all
the spots
* Update the docs to show how to switch back to Rage
* Skip keys that are empty files, which fixes the integration test.
 2023-12-23 14:09:16 -08:00
Ryan Mulligan
08dc5068e6
Revert "contrib: add direct tests for agenix " 2023-12-22 07:48:06 -08:00
Ryan Mulligan
097aa18b59 contrib: add direct tests for agenix 
These tests are MUCH faster than the NixOS tests.
 2023-12-20 13:06:57 -08:00
Ryan Mulligan
564595d0ad version 0.15.0 2023-12-20 08:33:16 -08:00
Samuele Facenda
9d3b37a117 fix: update keys functions in agenix.sh 
The functions was always called with `$FILE` as first argument, but inside the argument is ignored. This change doesn' have any impact, but can solve problems caused by the keys function called with an argument different from `$FILE`
 2023-12-20 08:08:56 -08:00
Ryan Mulligan
6cb7cd66c2
Merge pull request #221 from CobaltCause/edit-mkdir-p 
create leading directories if they don't exist
 2023-12-20 07:42:34 -08:00
Shiva Kaul
4c48606094 only backup cleartext file if it exists 
Avoids complaints from `cp` about nonexistent files.
 2023-11-28 16:05:48 -08:00
Charles Hall
65fe5959c3
create leading directories if they don't exist 
This works for files without directories too because `dirname` prints
`.` in that case.
 2023-11-03 15:25:24 -07:00
Charles Hall
05591973d7
use named variable instead of numbered one 2023-11-03 14:53:33 -07:00
Ryan Mulligan
dbc533ddc2
Revert "feat: remove empty newlines from jq query" 2023-10-08 07:31:54 -07:00
Tim Häring
b5fa96a90e
feat: remove empty newlines from jq query 
When you do not have your pubkeys in your `secrets.nix` verbatim as
string but read them from file like this: `desktop1 = builtins.readFile
./desktop1.pub;`, you will end up with empty newlines in the resulting
list of keys, which will add `--recipient=''` arguments to your age
call, failing the call.
 2023-10-08 14:18:54 +02:00
William McKinnon
115e561054 fix: add --strict nix-instantiate to support builtins.readFile 2023-09-22 01:32:46 -04:00
Nathan Henrie
da763b2c4b Don't need concatStringSep if using jq to parse json arrays 2023-09-15 16:22:30 -06:00
Nathan Henrie
eb1386f3b2 Use jq instead of sed 2023-09-15 11:56:22 -06:00
Ryan Mulligan
54693c91d9 version 0.14.0 2023-09-14 16:20:33 -07:00
Wanja Hentze
40550f0619 fix truncated output when decrypting a large file to stdout via -d 
rage intentionally truncates large output when writing to stdout:
55e52c252b/age/src/cli_common/file_io.rs (L219)
but if told to write to "-" instead, it will not truncate:
55e52c252b/age/src/cli_common/file_io.rs (L312)
 2023-03-14 18:53:32 +01:00
Ryan Mulligan
657789137c doc: add new doc website 
* use mmdoc
* add github pages action to auto publish
* do not edit README for now, will follow up with a commit directs
people to the doc site
 2023-03-04 10:34:29 -08:00
Wanja Hentze
7dae15b7bc fix -d/--decrypt-only not working correctly for binary data 
I had first used `printf` for outputting the data,
but that breaks if the secret itself contains null bytes.

One could fix this by using e.g. `cat`, but looking a bit more at the code
I realized that in the -d case we never need to `mktemp` at all and can
just ask `age` to write directly to stdout by not setting -o.
 2023-02-24 09:00:48 +01:00
muvlon
9cf1967039 feature: add -d/--decrypt option to decrypt a file to stdout 2023-02-22 19:20:58 -08:00
Ryan Mulligan
2c0ae7d44f contrib: stop packaging rage 
We don't need to package rage anymore, since all the latest maintained
versions of Nix have versions higher than what we need.
 2023-02-21 20:33:19 -08:00
Nathan Henrie
283c178469 Add warn and err helpers, use diff -q 2023-02-21 12:46:44 -07:00
Nathan Henrie
d84a99d0b8 Redirect user-directed warnings to stderr 2023-02-21 12:42:19 -07:00
Ryan Mulligan
344c8e41d2 feature: pipe cleartext into agenix -e 
If STDIN is not interactive, change EDITOR to `cp /dev/stdin`.

fixes #33
 2023-02-19 10:20:07 -08:00
Ryan Mulligan
ec396f7a76 fix: if an identity is specified, don't use the default ones 
fixes #151
 2023-02-18 11:55:58 -08:00
Ryan Mulligan
d0b75ddf9a contrib: use mkDerivation for agenix cli 
* use mkDerivation
* separate shell code in own file
* use shellcheck to lint shell code
* remove rage version check since rage is greater than 0.5.0 on all
  maintained nixpkgs
 2023-02-11 13:18:31 -08:00
Ryan Mulligan
16bef569f4 contrib: format Nix code with Alejandra 2023-01-29 10:57:51 -08:00
Ryan Mulligan
6acb1fe5f8 version 0.13.0 2022-09-25 14:22:43 -07:00
Ryan Mulligan
84f0dc0a4f doc: add version to agenix command 2022-09-25 14:14:27 -07:00
Tim Häring
0e2fb13ecf remove newlines in recipient keys file 
if not removed, empty lines will be added to the final encryption
command as --recipient '' which causes the command to fail with invalid
recipient ''
 2022-05-15 20:03:52 +02:00
Chuang Zhu
c2f6bd077c
allow customizing ageBin 2021-12-06 07:08:18 +08:00
Michael Adler
5c1fbaabc2 Make 'diff' an explicit dependency 2021-07-22 13:58:29 +02:00
Ryan Mulligan
85da8b7366 add meta.description 
closes #47
closes #48
 2021-07-20 08:50:08 -07:00
Ryan Mulligan
204bd95d30 fix: pin more uses of sed 2021-05-04 20:28:24 -07:00
Ryan Mulligan
0b6987f914 fix: pin down all binaries outside of coreutils 
The default sed was having trouble with newline splitting on MacOS.
 2021-05-04 06:24:31 -07:00
Ryan Mulligan
a704a85cbd fix Darwin? 2021-02-13 09:46:33 -08:00
Ryan Mulligan
ddb81b8bda Merge branch 'rien/master' fix suppory for aarch64 2021-02-08 18:50:16 -08:00
Felix Scheinost
cd916fad67 Need Foundation to build i18n-embed-fl on darwin 2021-02-04 21:21:23 +01:00
Rien Maertens
017422ed4c
Conditionally build rage if version is below 0.5.0 2021-01-31 22:39:30 +01:00
Rien Maertens
a678a8748c
Update rage to latest package definition 2021-01-31 22:39:25 +01:00
Ryan Mulligan
920acdd8ff add verbose flag 2020-12-19 08:53:44 -08:00
Ryan Mulligan
de625b5298 add friendlier error message in the event of no identity 
fixes #6
 2020-12-18 20:02:13 -08:00
Ryan Mulligan
be7bad2c12 use only ~/.ssh/id_rsa and ~/.ssh/id_ed25519 for decryption 
fixes #5
 2020-12-18 19:23:47 -08:00
Ryan Mulligan
5fcb31e390 show age binary version and path in help message 2020-09-18 13:13:54 -07:00
Ryan Mulligan
07ce686870 use unstable verison of rage in place of age 
* age limits the number of recipients to 20
* the latest release of rage (0.4.0) doesn't work with ssh-rsa keys
 2020-09-18 12:42:20 -07:00
Ryan Mulligan
c89ed72dc6 rename public_keys to publicKeys 
more idiomatic
 2020-09-03 21:13:10 -07:00