punkfairie/install.fairie
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
install.fairie/home/dot_local/bin/post-installx/executable_post-envchain.sh
Brian Zalewski 2731e1121b Latest
2024-05-28 03:45:14 +00:00

55 lines
2.5 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# @file Store Secrets in Keyring
# @brief Stores secret environment variables into the System keyring
# @description
# This script imports secret environment variables into the System keyring if `envchain` is installed.
# Secrets stored in the folder 'home/.chezmoitemplates/secrets' following the Install Doctor method are
# imported into the System keyring by this script. There is only one namespace called `default` where the
# secrets are stored. Executing `envchain default env` displays all the environment variables and their values.
#
# ## Secrets
#
# For more information about storing secrets like SSH keys and API keys, refer to our [Secrets documentation](https://install.doctor/docs/customization/secrets).
#
# ## TODO
#
# * Create seperate environments based on encrypted secret type (e.g. Allow `envchain cloudflare env` instead of `envchain default env` for everything)
set -Eeuo pipefail
trap "gum log -sl error 'Script encountered an error!'" ERR
### Import environment variables into `envchain`
if command -v envchain > /dev/null; then
if [ -f "$HOME/.config/age/chezmoi.txt" ]; then
gum log -sl info 'Importing environment variables into the system keyring'
ANSWERS=""
KEY_NAMES=""
while read ENCRYPTED_FILE; do
gum log -sl info "Preparing secret for injection into system keyring via envchain" file "$(basename "$ENCRYPTED_FILE")"
### Populate token key ID
KEY_NAME="$(basename "$ENCRYPTED_FILE")"
if [ "$KEY_NAMES" == '' ]; then
KEY_NAMES="$KEY_NAME"
else
KEY_NAMES="$KEY_NAMES $KEY_NAME"
fi
### Populate token secret
ANSWER="$(cat "$ENCRYPTED_FILE" | chezmoi decrypt)"
if [ "$ANSWERS" == '' ]; then
ANSWERS="$ANSWER"
else
ANSWERS="$ANSWERS $ANSWER"
fi
done< <(find "${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi/home/.chezmoitemplates/secrets" -type f -maxdepth 1 -mindepth 1)
### Import keys into system keychain
gum log -sl info "Importing secrets into keychain under the 'default' namespace (e.g. Use envchain default env to print all the tokens)"
printf '%s\n' $ANSWERS | envchain --set default $KEY_NAMES
gum log -sl info "Added Chezmoi-managed secrets into System keyring via envchain"
else
gum log -sl warn 'Unable to import any variables into envchain because ~/.config/age/chezmoi.txt was not created by the secrets encryption process yet'
fi
else
gum log -sl warn 'envchain is not installed or it is not available in the PATH'
fi
Reference in a new issue View git blame Copy permalink