gitea-admin
/
communication-keys
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

common sense: avoids printing secrets by default after sops update

Browse Source 
moving the "for verification" dump back into the verify script
ADP-216-uat-sops-step2
LeeW 10 months ago
parent 4ad6e82752
commit bcf9de5e7a
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File

3
bin/update_sops.sh
Unescape Escape View File

@ -114,9 +114,6 @@ fn_sops_updatekeys_and_verify(){
# "update the keys of SOPS files using the config file" # "update the keys of SOPS files using the config file"
>&2 echo "# RUN: sops updatekeys ${sops_enc_file}" >&2 echo "# RUN: sops updatekeys ${sops_enc_file}"
sops updatekeys "${sops_enc_file}" sops updatekeys "${sops_enc_file}"
# verify: dump secrets, GPG_TTY src: https://www.varokas.com/secrets-in-code-with-mozilla-sops/
GPG_TTY=$(tty) sops -d "${sops_enc_file}"
} }
function main(){ function main(){

3
verify/usr_confirm_keycfg.sh
Unescape Escape View File

@ -14,6 +14,9 @@ set -x
# within current dir: update .sops.yaml, update keys in encrypted file # within current dir: update .sops.yaml, update keys in encrypted file
../bin/update_sops.sh -c "${PWD}" "${secrets_file}" ../bin/update_sops.sh -c "${PWD}" "${secrets_file}"
# verify: dump secrets, GPG_TTY src: https://www.varokas.com/secrets-in-code-with-mozilla-sops/
GPG_TTY=$(tty) sops -d "${secrets_file}"
# Special Case: Add caveat header # Special Case: Add caveat header
cat <<EOM > .sops.yaml.tmp cat <<EOM > .sops.yaml.tmp
# PURPOSE: BLUEPRINT for .sops.yaml config # PURPOSE: BLUEPRINT for .sops.yaml config

Write Preview
Loading…
Cancel
Save