author | Vincent Ambo <mail@tazj.in> | 2020-06-29T21·14+0100 |
---|---|---|
committer | tazjin <mail@tazj.in> | 2020-06-29T21·24+0000 |
commit | dc079778669968429b475c0e7ce020951fe769da (patch) | |
tree | 6d466032054137e474280d6de666a89ea3dae045 /ops/kms_pass.nix | |
parent | d3f9cb0ec398d25a3be01cbc7c9b1ee8716b877f (diff) |
chore(ops): Clean up old GCP infrastructure files r/1130
This removes almost all of the GCP-infrastructure leftovers from my previous setup. The DNS configuration is retained, but moves to my user folder instead. Change-Id: I1867acd379443882f11a3c645846c9902eadd5b0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/782 Tested-by: BuildkiteCI Reviewed-by: eta <eta@theta.eu.org> Reviewed-by: isomer <isomer@tvl.fyi>
Diffstat (limited to 'ops/kms_pass.nix')
-rw-r--r-- | ops/kms_pass.nix | 61 |
1 files changed, 0 insertions, 61 deletions
diff --git a/ops/kms_pass.nix b/ops/kms_pass.nix
deleted file mode 100644
index 2399559b4da8..000000000000
--- a/ops/kms_pass.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-# This tool mimics a subset of the interface of 'pass', but uses
-# Google Cloud KMS for encryption.
-#
-# It is intended to be compatible with how 'kontemplate' invokes
-# 'pass.'
-#
-# Only the 'show' and 'insert' commands are supported.
-
-{ depot, kms, ... }:
-
-let inherit (depot.third_party) google-cloud-sdk tree writeShellScriptBin;
-in (writeShellScriptBin "pass" ''
- set -eo pipefail
-
- CMD="$1"
- readonly SECRET=$2
- readonly SECRETS_DIR=${./secrets}
- readonly SECRET_PATH="$SECRETS_DIR/$SECRET"
-
- function secret_check {
- if [[ -z $SECRET ]]; then
- echo 'Secret must be specified'
- exit 1
- fi
- }
-
- if [[ -z $CMD ]]; then
- CMD="ls"
- fi
-
- case "$CMD" in
- ls)
- ${tree}/bin/tree $SECRETS_DIR
- ;;
- show)
- secret_check
- ${google-cloud-sdk}/bin/gcloud kms decrypt \
- --project ${kms.project} \
- --location ${kms.region} \
- --keyring ${kms.keyring} \
- --key ${kms.key} \
- --ciphertext-file $SECRET_PATH \
- --plaintext-file -
- ;;
- insert)
- secret_check
- ${google-cloud-sdk}/bin/gcloud kms encrypt \
- --project ${kms.project} \
- --location ${kms.region} \
- --keyring ${kms.keyring} \
- --key ${kms.key} \
- --ciphertext-file $SECRET_PATH \
- --plaintext-file -
- echo "Inserted secret '$SECRET'"
- ;;
- *)
- echo "Usage: pass show/insert <secret>"
- exit 1
- ;;
- esac
-'') // { meta.enableCI = true; } |