facts/sops: no longer upload age key

The vars backend already does this for us.
This avoids duplicated work.
Jörg Thalheim
2025-05-02 13:34:05 +02:00
parent 6d75a5596e
commit b79446f97e
3 changed files with 31 additions and 107 deletions


@@ -1,4 +1,5 @@
from pathlib import Path
from typing import override
from clan_cli.machines.machines import Machine
from clan_cli.secrets.folders import sops_secrets_folder
@@ -58,13 +59,10 @@ class SecretStore(SecretStoreBase):
sops_secrets_folder(self.machine.flake_dir) / f"{self.machine.name}-{name}",
)
@override
def needs_upload(self) -> bool:
return False
# We rely now on the vars backend to upload the age key
def upload(self, output_dir: Path) -> None:
key_name = f"{self.machine.name}-age.key"
if not has_secret(sops_secrets_folder(self.machine.flake_dir) / key_name):
# skip uploading the secret, not managed by us
return
key = decrypt_secret(
self.machine.flake_dir,
sops_secrets_folder(self.machine.flake_dir) / key_name,
)
(output_dir / "key.txt").write_text(key)
pass
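Review bot: `upload` is now a bare `pass` and `needs_upload` returns `False`, so a machine whose age key is not actually provisioned by the vars backend would end up without a key on the target and with no error or log line from this store; nothing visible in the hunk checks that the vars backend is in use for `self.machine`. If that is guaranteed elsewhere, record it where a maintainer will read it by replacing the comment and `pass` with a docstring such as `"""No-op: the machine's age key is deployed by the vars sops backend, not by facts."""`. If it is not guaranteed, a warning logged when the `{machine}-age.key` secret exists but is not being deployed would make a failed sops decryption on the host diagnosable. As a style point, `upload` appears to be left without the `@override` marker that the new `needs_upload` carries. The class body starts outside the hunk, so the base-class contract for `upload` is not visible here.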