DavHau
54b8f5904e
vars: allow re-encrypting secrets when recipient keys were added.
...
When the users of a secret change, when, for example, a new admin user is added, an error will be thrown when generating vars, prompting the user to pass --fix to re-encrypt the secrets.
2024-11-13 18:49:30 +07:00
Jörg Thalheim
76aa8d2d82
Revert "Merge pull request 'Revert "Merge pull request 'clan-cli: secrets: Add support for PGP keys with sops-nix' (#2186) from lopter/clan-core:lo-sops-nix-pgp-support into main"' (#2202) from revert into main"
...
This reverts commit 23f5abee0d, reversing
changes made to 66a94c91ae.
2024-10-04 16:36:35 +00:00
Jörg Thalheim
d134d94a1e
Revert "Merge pull request 'clan-cli: secrets: Add support for PGP keys with sops-nix' (#2186) from lopter/clan-core:lo-sops-nix-pgp-support into main"
...
This reverts commit b956b94039, reversing
changes made to b1af3d5d6d.
Reverting for now as Dave's recent change conflicts with this change.
2024-10-04 17:54:29 +02:00
Jörg Thalheim
24973370b3
secrets: do not shadow python builtins
2024-10-04 15:36:30 +00:00
Louis Opter
61ceb44a71
Draft: clan-cli: secrets: Add support for PGP keys with sops-nix
...
To use a PGP key instead of an age key you can set `SOPS_PGP_FP`. (You
can use `gpg -k --fingerprint --fingerprint` to get your PGP encryption
key fingerprint, remove spaces from it).
The internal manifest file already supported a type field, and so I built
from there.
With those changes, I was able to add my PGP key, and update all my
secrets with it, instead of the age key originally generated:
```
% clan secrets key show | jq
{
  "key": "ADB6276965590A096004F6D1E114CBAE8FA29165",
  "type": "pgp"
}
% clan secrets key update
% for s in $(clan secrets list) ; do clan secrets users add-secret kal-pgp-from-2022-12-to-2024-12 "$s"; done
% for s in $(clan secrets list) ; do clan secrets users remove-secret --debug kal "$s" ; done
```
2024-10-04 15:36:30 +00:00
DavHau
1f1be62c60
sops: refactor some function names for clarity
2024-10-02 13:56:43 +02:00
DavHau
cf47c1d51a
vars: generate proper commit messages
...
fixes #2126
2024-09-17 20:22:18 +02:00
DavHau
a1dd10f502
vars/sops/shared: add machines key on demand
2024-09-12 20:17:05 +02:00
DavHau
8efcd65bed
vars: global metadata paths for all store backends
...
This also changes the paths where sops stores the secret -> all sops secrets will have to be re-generated
2024-09-03 16:30:01 +02:00
Jörg Thalheim
659e5b37dd
use pathlib everywhere
2024-09-02 18:26:13 +02:00
Jörg Thalheim
15ff74f7c2
enable ASYNC, DTZ, YTT and EM lints
2024-09-02 14:07:06 +02:00
Jörg Thalheim
e9a266001c
enable comprehensions linting rules
2024-09-02 13:35:52 +02:00
Jörg Thalheim
35839ef701
enable bug-bear linting rules
2024-09-02 13:26:07 +02:00
Jörg Thalheim
af4b9cc2d5
make all same-module imports relative, the rest absolute
...
This makes sorting more consistent.
2024-09-02 13:00:19 +02:00
DavHau
ec055f7606
vars: introduce deploy=true/false for generated files
2024-09-01 14:32:46 +02:00
a-kenji
ccdfd0c6fc
clan/secrets: improve naming of secret key
...
Change the secret key help wording to: `secret-name`,
to convey that it is the key and not the value.
Fixes: #1696
2024-07-30 12:54:22 +02:00
DavHau
9996f5596c
vars/sops: store secrets in /sops/vars
2024-07-24 18:42:50 +07:00
DavHau
ac5d421f84
sops/refactor: lay groundwork for secrets with arbitrary paths
2024-07-24 18:12:19 +07:00
DavHau
0222ebf482
secrets: refactor parameter naming
2024-07-24 17:50:03 +07:00
DavHau
00f7a6300b
clan-cli/secrets: refactor: rename secret -> secret_path
2024-07-23 18:18:32 +07:00
Jörg Thalheim
5b606c035f
move FlakeId to flake id
...
move FlakeId to flake id
2024-07-03 18:28:55 +02:00
Jörg Thalheim
b4698528ef
make machine class now a dataclass
2024-07-03 12:34:43 +02:00
a-kenji
0bd13727de
clan: add dynamic-completions to clan secrets set
2024-06-04 15:21:00 +02:00
a-kenji
addc4de735
clan: add more machine completion functions to secrets
2024-06-04 11:07:24 +02:00
a-kenji
31eca9e8bc
clan: add dynamic completions for secrets
2024-06-03 21:47:14 +02:00
lassulus
578162425d
Revert "clan-cli: cmd.py uses pseudo terminal now. Remove tty.py. Refactor password_store.py to use cmd.py."
...
This reverts commit ba86b49952.
2024-06-03 12:25:20 +02:00
Qubasa
ba86b49952
clan-cli: cmd.py uses pseudo terminal now. Remove tty.py. Refactor password_store.py to use cmd.py.
2024-06-02 16:52:31 +02:00
DavHau
cf67de2f69
secrets: ensure all added/deleted files get committed
2024-04-24 17:26:32 +07:00
Jörg Thalheim
0fa36252c2
re-encrypt secrets after rotating users/machines keys
2024-03-25 12:34:29 +01:00
lassulus
11bf0b8b9e
clan-cli sops: accept bytes
2024-03-03 09:25:40 +01:00
Jörg Thalheim
52fcc91479
Also commit files when adding machines/users or removing secrets
2024-02-22 16:12:11 +01:00
Jörg Thalheim
65d2a4e081
secrets: commit when renaming secrets
2024-02-22 15:59:12 +01:00
Jörg Thalheim
a1e2a4f64a
secret cli: accept a pattern in secrets list
2024-02-22 14:21:53 +01:00
Jörg Thalheim
77c84e7471
secrets: add git support when updating secrets
2024-02-20 12:41:52 +01:00
Jörg Thalheim
52c6ad548d
improve error message if group does not exist
2024-02-16 17:26:20 +01:00
lassulus
7b3d3e20b4
clan-cli secrets: flake_name -> flake_dir
2023-11-05 16:58:48 +01:00
Qubasa
d02acbe04b
nix fmt
2023-10-27 19:19:45 +02:00
Qubasa
8482bc79f6
Secrets tests passing. nix fmt doesn't complain
2023-10-27 19:18:45 +02:00
Qubasa
8cc1c2c4bd
Fixed cyclic dependency AND swapped pytest-parallel for pytest-xdist to fix deadlock in tests
2023-10-27 19:18:45 +02:00
Qubasa
2ca54afe7f
Added new type FlakeName
2023-10-27 19:18:45 +02:00
Qubasa
32e60f5adc
Added flake_name:str argument everywhere, nix fmt doesn't complain anymore
2023-10-27 19:15:40 +02:00
Jörg Thalheim
ead5c6e6a8
secrets: add has_machine and has_secret function
2023-09-21 17:22:20 +02:00
Jörg Thalheim
17af763ad1
add edit flag to secret cli
2023-09-13 10:52:03 +02:00
Jörg Thalheim
62e5c66867
secrets cli: hint that group/user/machine flags can be repeated
2023-09-07 13:06:31 +02:00
Jörg Thalheim
c3ccf68007
only list valid secrets/users/machines
...
Git often leaves empty directories behind
2023-09-07 12:48:34 +02:00
Jörg Thalheim
949b72bd0b
actually implement secret rename function
2023-09-03 11:03:14 +02:00
Jörg Thalheim
10e4db7c19
clan-cli: fix error message
2023-08-30 16:40:42 +02:00
Jörg Thalheim
79c61f61c7
drop black/ruff from dependency list
...
those are used implicitly by treefmt already
2023-08-23 16:03:56 +02:00
Jörg Thalheim
e103a4186c
add api for secret groups and decrypting secrets
2023-08-09 15:17:43 +02:00
Jörg Thalheim
6c169b0bed
print nothing if secret collections are empty
2023-08-09 14:50:04 +02:00