ryantm/agenix
1
1
Fork 0
mirror of https://github.com/ryantm/agenix.git synced 2024-09-11 06:05:38 +03:00
Code Issues Projects Releases Wiki Activity

correctly list non-root secrets

Browse Source 
Secrets that are only partly owned by root (i.e. either user or group
are not 'root') are now accounted for during activation.
This commit is contained in:
Aluísio Augusto Silva Gonçalves 2020-12-22 01:34:35 -03:00
parent 553d1f5caa
commit b0a48f587e
No known key found for this signature in database
GPG Key ID: DA6EA2FACDB1CBD2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/age.nix
View File

@ -23,7 +23,7 @@ let
rootOwnedSecrets = builtins.filter (st: st.owner == "root" && st.group == "root") (builtins.attrValues cfg.secrets);
installRootOwnedSecrets = builtins.concatStringsSep "\n" (["echo '[agenix] decrypting root secrets...'"] ++ (map installSecret rootOwnedSecrets));
nonRootSecrets = builtins.filter (st: st.owner != "root" && st.group != "root") (builtins.attrValues cfg.secrets);
nonRootSecrets = builtins.filter (st: st.owner != "root" || st.group != "root") (builtins.attrValues cfg.secrets);
installNonRootSecrets = builtins.concatStringsSep "\n" (["echo '[agenix] decrypting non-root secrets...'"] ++ (map installSecret nonRootSecrets));
secretType = types.submodule ({ config, ... }: {