Added a keyCmd option for fetching a key from local command #1280
The use-case is storing NixOps secrets in encrypted form using, e.g. password-store.
The patch should also apply to the
`deployment.keys.*.keyCmd` option executes a command on the local machine and sends its output as a key to the remote machine. The use-case is storing NixOps secrets in encrypted form using, e.g. password-store.

note: rebased and updated against master, and removed a bit of code around storeKeysOnMachine since that feature no longer exists.

Co-authored-by: Adam Höse <firstname.lastname@example.org>
Co-authored-by: Graham Christensen <email@example.com>
* keyCmd -> keyCommand: clarity over typing
* keyCommand: make a list of strings [ "pass" "..." ] vs. [ "pass ..." ] so users don't need to consider shell escaping right away
* keyFile: only apply toString if an argument is provided, so we don't need to check for an empty string

Co-authored-by: Adam Höse <firstname.lastname@example.org>
Sometimes it wasn't waiting for the command to complete, and the secret was empty. Should be fine now, but just to check: make a script that waits around 15 seconds and see if NixOps blocks on it. If it doesn't, the bug is there.
The fix should've been in one of my branches I use for flakes, so if it isn't fixed, I'll quickly PR it here
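
The two points raised in this thread, shown as an added Python example that is not code from this PR or from NixOps: the key command is taken as a list of strings so no shell parsing happens, and the caller blocks until the command has exited and rejects an empty or failed result. `run_key_command`, `KeyCommandError`, `timed` and the sample commands are hypothetical names constructed for illustration.

```python
import subprocess
import sys
import time

class KeyCommandError(Exception):
    """The local key command produced no usable secret."""


def run_key_command(argv, timeout=60):
    """Run argv locally and return its stdout as the key (hypothetical helper)."""
    if isinstance(argv, str) or not argv:
        raise KeyCommandError("key command must be a non-empty list of strings")
    try:
        # shell=False: every list element reaches the program as one literal
        # argument. run() returns only after the child has exited.
        proc = subprocess.run(argv, shell=False, stdin=subprocess.DEVNULL,
                              capture_output=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired) as exc:
        raise KeyCommandError(f"{argv[0]!r}: {type(exc).__name__}") from exc
    if proc.returncode != 0:
        # Never ship partial output from a failed command as the key.
        raise KeyCommandError(f"{argv[0]!r} exited with {proc.returncode}")
    if not proc.stdout:
        raise KeyCommandError(f"{argv[0]!r} produced an empty key")
    return proc.stdout


def timed(argv):
    """Return (key, seconds spent waiting for the command)."""
    start = time.monotonic()
    key = run_key_command(argv)
    return key, time.monotonic() - start


# Constructed sample commands; the interpreter stands in for a tool like `pass`.
PY = sys.executable
SLOW = [PY, "-c", "import sys, time; time.sleep(0.5); sys.stdout.write('s3cret')"]
META = [PY, "-c", "import sys; sys.stdout.write(sys.argv[1])", "a b; echo $(id)"]
EMPTY = [PY, "-c", "pass"]
FAILED = [PY, "-c", "import sys; sys.stdout.write('partial'); sys.exit(3)"]

if __name__ == "__main__":
    print(timed(SLOW))             # blocks for the full run of the command
    print(run_key_command(META))   # metacharacters arrive as literal bytes
    for bad in (EMPTY, FAILED, "pass show prod/db"):
        try:
            run_key_command(bad)
        except KeyCommandError as err:
            print("rejected:", err)
```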