Diffstat (limited to 'edit-secrets')
| -rwxr-xr-x | edit-secrets | 21 | 
1 files changed, 4 insertions, 17 deletions
|
diff --git a/edit-secrets b/edit-secrets
index 08ec257..742321f 100755
--- a/edit-secrets
+++ b/edit-secrets
@@ -32,19 +32,13 @@ if [ "x$1" != "x-l" ]; then
     trap "rm -f $TMPFILE $TMPFILE2" EXIT
-    ssh -t $host /var/cache/cosmos/repo/edit-secrets -l
-    scp -q $host:$LAST_OUTPUT_FILENAME $TMPFILE
+    ssh -t root@$host /var/cache/cosmos/repo/edit-secrets -l
+    scp -q root@$host:$LAST_OUTPUT_FILENAME $TMPFILE
     if grep ^"STATUS=UPDATED" $TMPFILE > /dev/null; then
 	# extract the path of the file that should be updated in the Cosmos repo
-        save_to=$(grep ^"SAVE_TO=" $TMPFILE | cut -d = -f 2-)
-	if [ ! -f $save_to ]; then
-	    echo "$0: Output file $save_to doesn't exist"
-	    echo "    (leaving output in $TMPFILE)"
-	    rm $TMPFILE2
-	    trap EXIT  # clear trap command to preserve $TMPFILE
-	    exit 1
-	fi
+        save_to="${host}/overlay/etc/hiera/data/secrets.yaml.asc"
+        mkdir -p "`dirname $save_to`"
 	# extract the GPG output
 	perl -e '$a = 0; while (<>) { $a = 1 if ($_ =~ /-+BEGIN PGP MESSAGE-+/);
                  print $_ if $a; $a = 0 if ($_ =~ /-+END PGP MESSAGE-+/); }' < $TMPFILE > $TMPFILE2
@@ -132,17 +126,10 @@ else
     # figure out this hosts gpg key id
     recipient=$($GPG --list-secret-key | grep ^sec | head -1 | awk '{print $2}' | cut -d / -f 2)
-    save_to="`hostname --fqdn`/overlay${SECRETFILE}"
     echo ""
     (
 	echo "STATUS=UPDATED"
-	echo "SAVE_TO=$save_to"
 	echo ""
     ) > $LAST_OUTPUT_FILENAME
     $GPG --output - --armor --recipient $recipient --sign --encrypt $TMPFILE >> $LAST_OUTPUT_FILENAME
-    echo ""
-    echo "GPG output saved in $LAST_OUTPUT_FILENAME - save it in Cosmos as"
-    echo ""
-    echo "  $save_to"
-    echo ""
 fi
|
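Review bot: `$host` now becomes a local path component in `save_to="${host}/overlay/etc/hiera/data/secrets.yaml.asc"`, and with the old `[ ! -f $save_to ]` check removed, `mkdir -p` will create whatever that expands to, relative to the current directory. A value containing `/` or `..`, or a run from outside the repo checkout, would then produce a stray directory tree (where the output is presumably written later) instead of an error. The assignment of `$host` is outside the hunk (presumably from `$1`), so I would validate it before the ssh call, e.g. `case "$host" in ''|-*|*/*) echo "$0: invalid host name: $host" >&2; exit 1;; esac`, and quote the expansions: `mkdir -p -- "$(dirname -- "$save_to")"`. The `root@$host` and `$TMPFILE` arguments on the new ssh/scp lines are unquoted as well, and hard-coding `root@` assumes direct root SSH login is permitted on every managed host, which is worth stating in a comment. The enclosing `if` block starts and ends outside the hunk.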
