mirror of
https://github.com/ryantm/agenix.git
synced 2024-08-16 09:30:26 +03:00
Compare commits
4 Commits
13b69f4aa7
...
8f90a3ecd2
Author | SHA1 | Date | |
---|---|---|---|
|
8f90a3ecd2 | ||
|
8d37c5bdea | ||
|
63a57d8dfb | ||
|
2c9abfec86 |
@ -445,7 +445,7 @@ Example:
|
||||
#### `age.secrets.<name>.symlink`
|
||||
|
||||
`age.secrets.<name>.symlink` is a boolean. If true (the default),
|
||||
secrets are symlinked to `age.secrets.<name>.path`. If false, secerts
|
||||
secrets are symlinked to `age.secrets.<name>.path`. If false, secrets
|
||||
are copied to `age.secrets.<name>.path`. Usually, you want to keep
|
||||
this as true, because it secure cleanup of secrets no longer
|
||||
used. (The symlink will still be there, but it will be broken.) If
|
||||
|
@ -3,6 +3,7 @@
|
||||
stdenv,
|
||||
age,
|
||||
jq,
|
||||
gnused,
|
||||
nix,
|
||||
mktemp,
|
||||
diffutils,
|
||||
@ -18,6 +19,7 @@ in
|
||||
src = substituteAll {
|
||||
inherit ageBin version;
|
||||
jqBin = "${jq}/bin/jq";
|
||||
sedBin = "${gnused}/bin/sed";
|
||||
nixInstantiate = "${nix}/bin/nix-instantiate";
|
||||
mktempBin = "${mktemp}/bin/mktemp";
|
||||
diffBin = "${diffutils}/bin/diff";
|
||||
|
@ -115,7 +115,7 @@ function cleanup {
|
||||
trap "cleanup" 0 2 3 15
|
||||
|
||||
function keys {
|
||||
(@nixInstantiate@ --json --eval --strict -E "(let rules = import $RULES; in rules.\"$1\".publicKeys)" | @jqBin@ -r .[]) || exit 1
|
||||
(@nixInstantiate@ --json --eval --strict -E "(let rules = import $RULES; in rules.\"$1\".publicKeys)" | @jqBin@ -r .[] | @sedBin@ '/^$/d') || exit 1
|
||||
}
|
||||
|
||||
function decrypt {
|
||||
|
Loading…
Reference in New Issue
Block a user