vars: allow re-encrypting secrets when recipient keys were added.

When the users of a secret change (for example, when a new admin user is added), an error is thrown when generating vars, prompting the user to pass --fix to re-encrypt the secrets.
This commit is contained in:
DavHau
2024-11-13 18:18:25 +07:00
parent 83b7c6d9a2
commit 54b8f5904e
9 changed files with 221 additions and 34 deletions


@@ -4,7 +4,7 @@ import json
import os
import shutil
import subprocess
from collections.abc import Iterator
from collections.abc import Iterable, Iterator
from contextlib import contextmanager, suppress
from dataclasses import dataclass
from pathlib import Path
@@ -182,8 +182,9 @@ def sops_manifest(keys: list[tuple[str, KeyType]]) -> Iterator[Path]:
yield Path(manifest.name)
def update_keys(secret_path: Path, keys: list[tuple[str, KeyType]]) -> list[Path]:
with sops_manifest(keys) as manifest:
def update_keys(secret_path: Path, keys: Iterable[tuple[str, KeyType]]) -> list[Path]:
keys_sorted = sorted(keys)
with sops_manifest(keys_sorted) as manifest:
secret_path = secret_path / "secret"
time_before = secret_path.stat().st_mtime
cmd = nix_shell(