Script to store secrets to keyring (#63)

This commit is contained in:
enggnr 2023-07-19 10:15:46 +05:30 committed by GitHub
parent 5659eae991
commit c6110fbfca
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 31 additions and 4 deletions

View file

@ -0,0 +1,27 @@
{{- if and (ne .host.distro.family "windows") (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) -}}
#!/usr/bin/env bash
# @file Store Secrets in Keyring
# @brief Stores secret environment variables into the System keyring
# @description
# This script imports secret environment variables into the System keyring if `envchain` is installed.
# Secrets stored in the folder 'home/.chezmoitemplates/secrets' following the Install Doctor method are
# imported into the System keyring by this script. There is only one namespace called `default` where the
# secrets are stored. Executing `envchain default env` displays all the environment variables and their values.
#
# ## Secrets
#
# For more information about storing secrets like SSH keys and API keys, refer to our [Secrets documentation](https://install.doctor/docs/customization/secrets).
{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}
### Import environment variables into `envchain`
if command -v envchain > /dev/null; then
logg info 'Importing environment variables into the System keyring'
for file in {{ joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "*" }}; do
cat "$file" | chezmoi decrypt | envchain -s default "$(basename $file)" > /dev/null || logg info 'Importing "$(basename $file)" failed'
done
else
logg info '`envchain` is not installed or it is not available in the PATH'
fi
{{ end -}}

View file

@ -2569,7 +2569,7 @@ softwarePackages:
cask: prezi-video cask: prezi-video
orbstack: orbstack:
_bin: orb _bin: orb
_github: _github:
_name: OrbStack _name: OrbStack
_when:cask: '! test -d /Applications/OrbStack.app && ! test -d $HOME/Applications/OrbStack.app' _when:cask: '! test -d /Applications/OrbStack.app && ! test -d $HOME/Applications/OrbStack.app'
cask: orbstack cask: orbstack
@ -2647,7 +2647,7 @@ softwarePackages:
_docs: https://github.com/sorah/envchain#usage _docs: https://github.com/sorah/envchain#usage
_github: https://github.com/sorah/envchain _github: https://github.com/sorah/envchain
_home: https://github.com/sorah/envchain _home: https://github.com/sorah/envchain
_name: envconsul _name: envchain
brew: envchain brew: envchain
github: github.com/sorah/envchain github: github.com/sorah/envchain
_envchain:deps: _envchain:deps:
@ -6088,7 +6088,7 @@ softwarePackages:
generator-ngx-rocket: generator-ngx-rocket:
_bin: ngx _bin: ngx
_github: https://github.com/ngx-rocket/generator-ngx-rocket _github: https://github.com/ngx-rocket/generator-ngx-rocket
_name: Angular _name: Angular
npm: generator-ngx-rocket npm: generator-ngx-rocket
ngxtop: ngxtop:
_bin: ngxtop _bin: ngxtop
@ -7531,7 +7531,7 @@ softwarePackages:
zypper: xrdp zypper: xrdp
yay: xrdp yay: xrdp
kasmvnc: kasmvnc:
_bin: _bin:
dnf: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm dnf: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
responsively: responsively:
_bin: null _bin: null