Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
executable file 61 lines (49 sloc) 1.48 KB
#!/bin/bash -e
# This script reads docker-worker store in passwordstore and writes
# up deploy.json.
#
# Use: deploy/bin/import-docker-worker-secrets
#
# Notice you must have taskcluster passwordstore cloned and configured.
# See ssh://gitolite3@git-internal.mozilla.org/taskcluster/secrets.git
# for details.
base_dir=/tmp/docker-worker-secrets/${DEPLOYMENT}
rm -rf $base_dir
mkdir -p $base_dir
chmod 0700 $base_dir
read -s -p "Enter your gpg passphrase, or enter for none (e.g., Yubikey): " passphrase
if [ -n "$passphrase" ]; then
export PASSWORD_STORE_GPG_OPTS="--passphrase=$passphrase"
else
echo
echo '(no passphrase set)'
fi
# read the secrets into a shell array
declare -A SECRETS
set-secret() {
echo "Setting secret $1" >&2
SECRETS[$1]="${2}"
}
source <(pass show docker-worker/${DEPLOYMENT}) || exit 1
get-secret() {
if [ ${SECRETS[$1]+_} ]; then
echo "${SECRETS[$1]}"
else
echo "Secret $1 not defined" >&2
exit 1
fi
}
get-secret livelog-tls-key > $base_dir/docker-worker-cert.key
chmod 0600 $base_dir/docker-worker-cert.key
get-secret ed25519-cot-signing-key > $base_dir/docker-worker-cot-ed25519-signing.key
chmod 0600 $base_dir/docker-worker-cot-ed25519-signing.key
papertrail=$(get-secret papertrail-url)
echo '
{
"debug.level": "",
"sslKeyLocation": "'$base_dir/docker-worker-cert.key'",
"cotEd25519SigningKey": "'$base_dir/docker-worker-cot-ed25519-signing.key'",
"papertrail": "'$papertrail'"
}
' > deploy/deploy.json
cat deploy/deploy.json
You can’t perform that action at this time.