From b027ee29d959fda4b60b57566d64c98a202e0feb Mon Sep 17 00:00:00 2001
From: Slavek Kabrda <slavek.kabrda@gmail.com>
Date: Wed, 4 Feb 2026 01:31:49 +0100
Subject: [PATCH] fix: enable running rekey in a non-interactive shell (#362)

* fix: enable running rekey in a non-interactive shell

* chore: rerun CI

---------

Co-authored-by: Slavek Kabrda <slavek.kabrda@loftorbital.com>
---
 pkgs/agenix.sh | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/pkgs/agenix.sh b/pkgs/agenix.sh
index 0b08a3a..072805e 100644
--- a/pkgs/agenix.sh
+++ b/pkgs/agenix.sh
@@ -162,16 +162,19 @@ function edit {
 
     [ ! -f "$CLEARTEXT_FILE" ] || cp -- "$CLEARTEXT_FILE" "$CLEARTEXT_FILE.before"
 
-    [ -t 0 ] || EDITOR='cp -- /dev/stdin'
+    # only edit if we're not rekeying
+    if [ "${EDITOR:-}" != ":" ]; then
+      [ -t 0 ] || EDITOR='cp -- /dev/stdin'
 
-    $EDITOR "$CLEARTEXT_FILE"
+      $EDITOR "$CLEARTEXT_FILE"
+    fi
 
     if [ ! -f "$CLEARTEXT_FILE" ]
     then
       warn "$FILE wasn't created."
       return
     fi
-    [ -f "$FILE" ] && [ "$EDITOR" != ":" ] && @diffBin@ -q -- "$CLEARTEXT_FILE.before" "$CLEARTEXT_FILE" && warn "$FILE wasn't changed, skipping re-encryption." && return
+    [ -f "$FILE" ] && [ "${EDITOR:-}" != ":" ] && @diffBin@ -q -- "$CLEARTEXT_FILE.before" "$CLEARTEXT_FILE" && warn "$FILE wasn't changed, skipping re-encryption." && return
 
     ENCRYPT=()
     if [[ "$ARMOR" == "true" ]]; then