install.fairie/home/.chezmoiscripts/universal/run_onchange_after_05-envchain-import-secrets.tmpl

28 lines
1.4 KiB
Cheetah
Raw Normal View History

{{- if and (ne .host.distro.family "windows") (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) -}}
#!/usr/bin/env bash
# @file Store Secrets in Keyring
# @brief Stores secret environment variables into the System keyring
# @description
# This script imports secret environment variables into the System keyring if `envchain` is installed.
# Secrets stored in the folder 'home/.chezmoitemplates/secrets' following the Install Doctor method are
# imported into the System keyring by this script. There is only one namespace called `default` where the
# secrets are stored. Executing `envchain default env` displays all the environment variables and their values.
#
# ## Secrets
#
# For more information about storing secrets like SSH keys and API keys, refer to our [Secrets documentation](https://install.doctor/docs/customization/secrets).
{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}
### Import environment variables into `envchain`
if command -v envchain > /dev/null; then
logg info 'Importing environment variables into the System keyring'
for file in {{ joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "*" }}; do
cat "$file" | chezmoi decrypt | envchain -s default "$(basename $file)" > /dev/null || logg info 'Importing "$(basename $file)" failed'
done
else
logg info '`envchain` is not installed or it is not available in the PATH'
fi
{{ end -}}