From 9083e64fb9805b6f44b4f6997e6a5181cbc4a1ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Janne=20He=C3=9F?= Date: Thu, 30 Sep 2021 13:48:27 +0200 Subject: [PATCH] Swap order of age ssh keys and the key file It makes more sense to import the key when we have one and ignore the SSH keys instead of only importing the key when we have no SSH keys. This is because we import all SSH keys by default in the module and using a key file means the use has to explicitly unset the SSH keys. --- pkgs/sops-install-secrets/main.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/sops-install-secrets/main.go b/pkgs/sops-install-secrets/main.go index f1bfa86..0d847d8 100644 --- a/pkgs/sops-install-secrets/main.go +++ b/pkgs/sops-install-secrets/main.go @@ -645,15 +645,15 @@ func installSecrets(args []string) error { os.Setenv("GNUPGHOME", manifest.GnupgHome) } - if len(manifest.AgeSshKeyPaths) != 0 { + if manifest.AgeKeyFile != "" { + os.Setenv("SOPS_AGE_KEY_FILE", manifest.AgeKeyFile) + } else if len(manifest.AgeSshKeyPaths) != 0 { keyfile := filepath.Join(manifest.SecretsMountPoint, "age-keys.txt") err = importAgeSSHKeys(manifest.AgeSshKeyPaths, keyfile) if err != nil { return err } os.Setenv("SOPS_AGE_KEY_FILE", keyfile) - } else if manifest.AgeKeyFile != "" { - os.Setenv("SOPS_AGE_KEY_FILE", manifest.AgeKeyFile) } if err := decryptSecrets(manifest.Secrets); err != nil {