Merge df977b7f76 into 9836912e37

2026-01-08 06:37:28 +08:00 · 2025-12-21 15:02:26 -05:00 · 2025-12-21 15:02:26 -05:00 · 51be135cf0
commit 51be135cf0
parent 9836912e37 df977b7f76
6 changed files with 57 additions and 1 deletions
--- a/pkgs/sops-install-secrets/main.go
+++ b/pkgs/sops-install-secrets/main.go
@ -79,6 +79,7 @@ type manifest struct {
 	SSHKeyPaths             []string          `json:"sshKeyPaths"`
 	GnupgHome               string            `json:"gnupgHome"`
 	AgeKeyFile              string            `json:"ageKeyFile"`
+	AgeSSHKeyFile           string            `json:"ageSshKeyFile"`
 	AgeSSHKeyPaths          []string          `json:"ageSshKeyPaths"`
 	UseTmpfs                bool              `json:"useTmpfs"`
 	UserMode                bool              `json:"userMode"`
@ -1341,7 +1342,7 @@ func installSecrets(args []string) error {
 	}

 	// Import age keys
-	if len(manifest.AgeSSHKeyPaths) != 0 || manifest.AgeKeyFile != "" {
+	if (len(manifest.AgeSSHKeyPaths) != 0 || manifest.AgeKeyFile != "") && manifest.AgeSSHKeyFile == "" {
 		keyfile := filepath.Join(manifest.SecretsMountPoint, "age-keys.txt")
 		err = os.Setenv("SOPS_AGE_KEY_FILE", keyfile)
 		if err != nil {
@ -1382,6 +1383,10 @@ func installSecrets(args []string) error {
 		}
 	}

+	if manifest.AgeSSHKeyFile != "" {
+		os.Setenv("SOPS_AGE_SSH_PRIVATE_KEY_FILE", manifest.AgeSSHKeyFile)
+	}
+
 	if err := decryptSecrets(manifest.Secrets); err != nil {
 		return err
 	}