From c6110fbfca34e05b8ce8ec75bfbf5874fbe9f1d2 Mon Sep 17 00:00:00 2001
From: enggnr <129082112+enggnr@users.noreply.github.com>
Date: Wed, 19 Jul 2023 10:15:46 +0530
Subject: [PATCH] Script to store secrets to keyring (#63)
---
 ...ange_after_05-envchain-import-secrets.tmpl | 27 +++++++++++++++++++
 software.yml | 8 +++---
 2 files changed, 31 insertions(+), 4 deletions(-)
 create mode 100644 home/.chezmoiscripts/universal/run_onchange_after_05-envchain-import-secrets.tmpl
diff --git a/home/.chezmoiscripts/universal/run_onchange_after_05-envchain-import-secrets.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_05-envchain-import-secrets.tmpl
new file mode 100644
index 00000000..f287f469
--- /dev/null
+++ b/home/.chezmoiscripts/universal/run_onchange_after_05-envchain-import-secrets.tmpl
@@ -0,0 +1,27 @@
+{{- if and (ne .host.distro.family "windows") (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) -}}
+#!/usr/bin/env bash
+# @file Store Secrets in Keyring
+# @brief Stores secret environment variables into the System keyring
+# @description
+# This script imports secret environment variables into the System keyring if `envchain` is installed.
+# Secrets stored in the folder 'home/.chezmoitemplates/secrets' following the Install Doctor method are
+# imported into the System keyring by this script. There is only one namespace called `default` where the
+# secrets are stored. Executing `envchain default env` displays all the environment variables and their values.
+#
+# ## Secrets
+#
+# For more information about storing secrets like SSH keys and API keys, refer to our [Secrets documentation](https://install.doctor/docs/customization/secrets).
+
+{{ includeTemplate "universal/profile" }}
+{{ includeTemplate "universal/logg" }}
+
+### Import environment variables into `envchain`
+if command -v envchain > /dev/null; then
+ logg info 'Importing environment variables into the System keyring'
+ for file in {{ joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "*" }}; do
+ cat "$file" | chezmoi decrypt | envchain -s default "$(basename $file)" > /dev/null || logg info 'Importing "$(basename $file)" failed'
+ done
+else
+ logg info '`envchain` is not installed or it is not available in the PATH'
+fi
+{{ end -}}
diff --git a/software.yml b/software.yml
index f69aacf4..91630e7c 100644
--- a/software.yml
+++ b/software.yml
@@ -2569,7 +2569,7 @@ softwarePackages:
 cask: prezi-video
 orbstack:
 _bin: orb
- _github:
+ _github:
 _name: OrbStack
 _when:cask: '! test -d /Applications/OrbStack.app && ! test -d $HOME/Applications/OrbStack.app'
 cask: orbstack
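Review bot: The failure branch on the `envchain -s default` line cannot say which secret failed, because the message is single-quoted and `"$(basename $file)"` is logged literally instead of being expanded. That line also only sees the exit status of `envchain`, so unless `universal/profile` already enables pipefail (not visible here) a failed `chezmoi decrypt` goes unnoticed and may leave an empty or wrong value stored under that name in the keyring. I would add `set -o pipefail` before the loop and change the handler to `|| logg info "Importing $(basename "$file") failed"`, quoting `$file` inside `basename` in both places so names with spaces survive. If the secrets directory is empty the glob stays literal and the loop runs once on a nonexistent path, so a `[ -f "$file" ] || continue` guard at the top of the loop would avoid a spurious import attempt.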
@@ -2647,7 +2647,7 @@ softwarePackages:
 _docs: https://github.com/sorah/envchain#usage
 _github: https://github.com/sorah/envchain
 _home: https://github.com/sorah/envchain
- _name: envconsul
+ _name: envchain
 brew: envchain
 github: github.com/sorah/envchain
 _envchain:deps:
@@ -6088,7 +6088,7 @@ softwarePackages:
 generator-ngx-rocket:
 _bin: ngx
 _github: https://github.com/ngx-rocket/generator-ngx-rocket
- _name: Angular
+ _name: Angular
 npm: generator-ngx-rocket
 ngxtop:
 _bin: ngxtop
@@ -7531,7 +7531,7 @@ softwarePackages:
 zypper: xrdp
 yay: xrdp
 kasmvnc:
- _bin:
+ _bin:
 dnf: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
 responsively:
 _bin: null