show-physical backup (aws): extract devices encryption keys #1080
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In general we use
nixops show-physical -d test backup xxxxxxx
to get the mapping between the devices and the snapshots then we use the output to deploy a new env using these snapshot, but when using encrypted volumes, another manually (and tedious) steps to extract and put the keys in that file is needed.This pr Aims to include that automatically.
Not sure if this can be considered bad practice from security perspective but since the keys are already in the state file and we are just extracting and formatting them, i don't think thats an issue.
Tested this with non encrypted and encrypted volumes created as separate/non separate resources.