From 59c09a114c390f622ca379e15872f8c1e5f105bd Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 30 Jan 2024 11:57:07 +0100
Subject: [PATCH] secrets modules: pass secrets as bytes
---
 pkgs/clan-cli/clan_cli/secrets/generate.py | 2 +-
 pkgs/clan-cli/clan_cli/secrets/modules/password_store.py | 4 ++--
 pkgs/clan-cli/clan_cli/secrets/modules/sops.py | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/pkgs/clan-cli/clan_cli/secrets/generate.py b/pkgs/clan-cli/clan_cli/secrets/generate.py
index 8c5d7fdfb..f9e07dcbc 100644
--- a/pkgs/clan-cli/clan_cli/secrets/generate.py
+++ b/pkgs/clan-cli/clan_cli/secrets/generate.py
@@ -74,7 +74,7 @@ def generate_secrets(machine: Machine) -> None:
 msg = f"did not generate a file for '{secret}' when running the following command:\n"
 msg += machine.secrets_data[service]["generator"]
 raise ClanError(msg)
- secret_store.set(service, secret, secret_file.read_text())
+ secret_store.set(service, secret, secret_file.read_bytes())
 # store facts
 for name, fact_path in machine.secrets_data[service]["facts"].items():
 fact_file = facts_dir / name
diff --git a/pkgs/clan-cli/clan_cli/secrets/modules/password_store.py b/pkgs/clan-cli/clan_cli/secrets/modules/password_store.py
index 52a8c9523..8e1ffc27d 100644
--- a/pkgs/clan-cli/clan_cli/secrets/modules/password_store.py
+++ b/pkgs/clan-cli/clan_cli/secrets/modules/password_store.py
@@ -10,13 +10,13 @@ class SecretStore:
 def __init__(self, machine: Machine) -> None:
 self.machine = machine
- def set(self, service: str, name: str, value: str) -> None:
+ def set(self, service: str, name: str, value: bytes) -> None:
 subprocess.run(
 nix_shell(
 ["nixpkgs#pass"],
 ["pass", "insert", "-m", f"machines/{self.machine.name}/{name}"],
 ),
- input=value.encode("utf-8"),
+ input=value,
 check=True,
 )
diff --git a/pkgs/clan-cli/clan_cli/secrets/modules/sops.py b/pkgs/clan-cli/clan_cli/secrets/modules/sops.py
index a9cd10ff8..6c434e329 100644
--- a/pkgs/clan-cli/clan_cli/secrets/modules/sops.py
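Review bot: In password_store.py, `set()` now forwards `value` to `pass insert -m` on stdin without encoding, so a caller that still passes a `str` fails inside `subprocess.run` with a `TypeError`; the only call site visible in this patch is the one in generate.py, so any caller outside it needs the same change. The method has no docstring, and one line such as `"""Store the raw secret bytes under machines/<machine>/<name>; this method applies no encoding or newline handling."""` would record the new contract. `service` is accepted but unused on the unchanged path line, whereas the sops store spells it `_service`; using the same spelling here would show that leaving it out of the entry path is intended. The class continues outside the hunk.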
+++ b/pkgs/clan-cli/clan_cli/secrets/modules/sops.py
@@ -28,11 +28,11 @@ class SecretStore:
 )
 add_machine(self.machine.flake_dir, self.machine.name, pub_key, False)
- def set(self, _service: str, name: str, value: str) -> None:
+ def set(self, _service: str, name: str, value: bytes) -> None:
 encrypt_secret(
 self.machine.flake_dir,
 sops_secrets_folder(self.machine.flake_dir) / f"{self.machine.name}-{name}",
- value,
+ value.decode(),
 add_machines=[self.machine.name],
 )
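Review bot: `value.decode()` in the sops `set()` reintroduces the text-only limit that the rest of this patch removes: generate.py now reads the secret file with `read_bytes()` and the pass store forwards the bytes untouched, but here any secret that is not valid UTF-8 raises `UnicodeDecodeError`, and it does so after the generator has already run. If `encrypt_secret` (defined outside this diff) can take bytes, pass `value` through unchanged; if it is text-only, state that at the call, e.g. `# sops store is text-only: non-UTF-8 secrets are rejected here`, and raise an error that names the secret instead of surfacing an unhandled traceback. The exception object keeps the full input bytes in its `.object` attribute, so it should stay out of any error report that serialises exception state. The class body continues outside the hunk.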