2019-05-15 17:23:38 +00:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
|
|
|
|
|
# A wrapper around real nixops to decrypt GCP secret.
|
|
|
|
|
|
|
|
|
|
if [ -z "$hscloud_root" ]; then
|
|
|
|
|
echo 2>&1 "Please source env.sh"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
2019-05-17 16:10:23 +00:00
|
|
|
for f in sa.json sa.pem; do
|
|
|
|
|
plain="$hscloud_root/gcp/secrets/plain/$f"
|
|
|
|
|
cipher="$hscloud_root/gcp/secrets/cipher/$f"
|
2019-05-15 17:23:38 +00:00
|
|
|
if [ ! -f "$plain" ]; then
|
|
|
|
|
secretstore decrypt "$cipher" > "$plain"
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
|
2019-05-17 16:10:23 +00:00
|
|
|
export GCE_PROJECT="hscloud"
|
|
|
|
|
export GCE_SERVICE_ACCOUNT="nixops@hscloud.iam.gserviceaccount.com"
|
|
|
|
|
export ACCESS_KEYPATH="$hscloud_root/gcp/secrets/plain/sa.pem"
|
|
|
|
|
|
2019-05-15 17:23:38 +00:00
|
|
|
nixops.bin "$@"
|
