From c817f9bc3def0b590bcee70fa0792a48277ab9ee Mon Sep 17 00:00:00 2001
From: Patrick Spek
Date: Fri, 6 May 2022 19:24:41 +0200
Subject: Implement "secrets"
---
 lib/subcommands/init.bash | 7 +++++++
 lib/subcommands/var.bash | 12 ++++++++++--
 lib/util/config.bash | 1 +
 3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/lib/subcommands/init.bash b/lib/subcommands/init.bash
index c5625f2..46497f5 100644
--- a/lib/subcommands/init.bash
+++ b/lib/subcommands/init.bash
@@ -32,6 +32,7 @@ init_local()
 local files=(
 "$BASHTARD_ETCDIR/defaults"
+ "$BASHTARD_ETCDIR/secrets"
 "$BASHTARD_ETCDIR/hosts.d/${BASHTARD_PLATFORM[fqdn]}"
 "$BASHTARD_ETCDIR/os.d/${BASHTARD_PLATFORM[key]}"
 "$BASHTARD_ETCDIR/playbooks.d/remotes"
@@ -48,6 +49,12 @@ init_local()
 notice "bashtard/init" "Creating $file"
 touch -- "$file"
 done
+
+ chmod 600 -- "$BASHTARD_ETCDIR/secrets"
+
+ cat > "$BASHTARD_ETCDIR/.gitignore" <<-EOF
+ secrets
+ EOF
 }
 init_remote()
diff --git a/lib/subcommands/var.bash b/lib/subcommands/var.bash
index 3e8fc0b..4eaf14d 100644
--- a/lib/subcommands/var.bash
+++ b/lib/subcommands/var.bash
@@ -8,12 +8,14 @@ subcommand()
 {
 local key
 local value
+ local secret
 # Handle opts
- while getopts ":p:" opt
+ while getopts ":p:s" opt
 do
 case "$opt" in
 p) export BASHTARD_PLAYBOOK="$OPTARG" ;;
+ s) secret=1 ;;
 *) emerg "Unused opt '$opt'?" ;;
 esac
 done
@@ -40,7 +42,13 @@ subcommand()
 local kvfile
 local buffer
- kvfile="$BASHTARD_ETCDIR/hosts.d/${BASHTARD_PLATFORM[fqdn]}"
+ if [[ $secret ]]
+ then
+ kvfile="$BASHTARD_ETCDIR/secrets"
+ else
+ kvfile="$BASHTARD_ETCDIR/hosts.d/${BASHTARD_PLATFORM[fqdn]}"
+ fi
+
 buffer="$(tmpfile)"
 grep -v "^$key=" < "$kvfile" > "$buffer"
diff --git a/lib/util/config.bash b/lib/util/config.bash
index 06da99a..7918a1e 100644
--- a/lib/util/config.bash
+++ b/lib/util/config.bash
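Review bot: In the second init.bash hunk the secrets file is still created by the existing `touch -- "$file"` under the caller's umask and only tightened afterwards by `chmod 600`, and the new heredoc truncates any `.gitignore` that already exists in `$BASHTARD_ETCDIR`. Creating that one entry restrictively from the start, e.g. `( umask 077; touch -- "$file" )`, removes the window in which the file carries default permissions. Appending only when the entry is missing keeps other ignore rules intact: `grep -qxF secrets "$BASHTARD_ETCDIR/.gitignore" 2>/dev/null || printf 'secrets\n' >> "$BASHTARD_ETCDIR/.gitignore"`. The head of the loop and the rest of init_local lie outside the hunk, so whether already-existing files are skipped cannot be seen here.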
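Review bot: The `-s` branch in the second var.bash hunk assumes `$BASHTARD_ETCDIR/secrets` already exists with mode 600, but only `init_local` creates and restricts it, so on a host initialised before this change the `grep -v "^$key=" < "$kvfile"` that follows fails on the missing file. A guard inside the branch such as `[[ -e $kvfile ]] || ( umask 077; : > "$kvfile" )` keeps the command usable and the file private. How the buffer is written back is outside the hunk; if that step replaces the file rather than rewriting it in place, the mode should be re-applied with `chmod 600 -- "$kvfile"`. The value also appears to arrive as a command-line argument, which would leave secrets in shell history and process listings, so a stdin path or at least a documented caveat seems worth adding.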
@@ -16,6 +16,7 @@ config_for() {
 local files
 files=(
+ "$BASHTARD_ETCDIR/secrets"
 "$BASHTARD_ETCDIR/hosts.d/$host"
 "$BASHTARD_ETCDIR/os.d/${BASHTARD_PLATFORM[key]}"
 "$BASHTARD_ETCDIR/defaults"
--
cgit v1.1
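Review bot: `config_for` lists `$BASHTARD_ETCDIR/secrets` ahead of every other source, yet nothing visible checks that the file exists or is still private. Because the file is git-ignored it will be absent on fresh clones and on hosts initialised before this commit, so the read loop (outside the hunk) should skip a missing file quietly, and a warning when the file is group- or world-accessible would catch a lost `chmod 600`. If the first match wins, as the ordering suggests, a key set in secrets also silently shadows the same key in `hosts.d`; a comment such as `# secrets take precedence over host, OS and default values` above the new entry would record that this is intended.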