Fix: do not assume users use age keys in vars/sops

With added support for PGP for users keys, do not assume an age key is going to be present in secrets files.
2024-09-29 19:27:20 -07:00
parent 30d0afe75b
commit 710b832066
1 changed files with 1 additions and 1 deletions
--- a/pkgs/clan-cli/clan_cli/vars/secret_modules/sops.py
+++ b/pkgs/clan-cli/clan_cli/vars/secret_modules/sops.py
@@ -229,7 +229,7 @@ class SecretStore(SecretStoreBase):
    ) -> bool:
        secret_path = self.secret_path(generator_name, secret_name, shared)
        secret = json.loads((secret_path / "secret").read_text())
-        recipients = [r["recipient"] for r in secret["sops"]["age"]]
+        recipients = [r["recipient"] for r in (secret["sops"].get("age") or [])]
        machines_folder_path = sops_machines_folder(self.machine.flake_dir)
        machine_pubkey = json.loads(
            (machines_folder_path / self.machine.name / "key.json").read_text()