authorVincent Ambo <tazjin@google.com>2019-11-15T15·26+0000
committerVincent Ambo <tazjin@google.com>2019-11-15T15·26+0000
commitc1c379848a19a31de8febb1385c7b9e4d2a474a3 (patch)
treef019521edfb4590b6c59d84e77c422a21671ca89 /tools/kms_pass
parent4d852e2ef73a0901a3426ae5ab93232b6a0a8ed2 (diff)
chore(nix): Move files around to conform to new read-tree layout
Broadly speaking, the following things are included:

* there is now a uniform `args` struct that is passed to all
  derivations, package headers have been changed appropriately
* overrides are now loaded from a separate `override` folder just
  using read-tree.nix
* third-party packages have moved into the `third_party` attribute set
Diffstat (limited to 'tools/kms_pass')
-rw-r--r--tools/kms_pass/default.nix22
1 files changed, 11 insertions, 11 deletions
diff --git a/tools/kms_pass/default.nix b/tools/kms_pass/default.nix
index fbc17650a948..113db30224de 100644
--- a/tools/kms_pass/default.nix
+++ b/tools/kms_pass/default.nix
@@ -6,10 +6,10 @@
 #
 # Only the 'show' and 'insert' commands are supported.
 
-{ google-cloud-sdk, tree, writeShellScriptBin
-, project, region, keyring, key }:
+{ pkgs, kms, ... }:
 
-writeShellScriptBin "pass" ''
+let inherit (pkgs) google-cloud-sdk tree writeShellScriptBin;
+in writeShellScriptBin "pass" ''
   set -eo pipefail
 
   CMD="$1"
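Review bot: The new signature `{ pkgs, kms, ... }` no longer shows which KMS settings this derivation needs, so the header comment should name them. The script body reads `kms.project`, `kms.region`, `kms.keyring` and `kms.key` (see the second hunk); I would add a line such as `# Expects 'kms' to provide project, region, keyring and key.` to the comment block above the signature. That comment block starts before this hunk, so it may already cover part of this. A missing attribute inside `kms` is now reported only when the script text is evaluated, rather than as a missing function argument.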
@@ -34,20 +34,20 @@ writeShellScriptBin "pass" ''
     show)
       secret_check
       ${google-cloud-sdk}/bin/gcloud kms decrypt \
-        --project ${project} \
-        --location ${region} \
-        --keyring ${keyring} \
-        --key ${key} \
+        --project ${kms.project} \
+        --location ${kms.region} \
+        --keyring ${kms.keyring} \
+        --key ${kms.key} \
         --ciphertext-file $SECRET_PATH \
         --plaintext-file -
       ;;
     insert)
       secret_check
       ${google-cloud-sdk}/bin/gcloud kms encrypt \
-        --project ${project} \
-        --location ${region} \
-        --keyring ${keyring} \
-        --key ${key} \
+        --project ${kms.project} \
+        --location ${kms.region} \
+        --keyring ${kms.keyring} \
+        --key ${kms.key} \
         --ciphertext-file $SECRET_PATH \
         --plaintext-file -
       echo "Inserted secret '$SECRET'"
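Review bot: The four `${kms.*}` values in both the `show` and `insert` branches are spliced into the generated script unquoted, as is `$SECRET_PATH` on the context lines, so any value containing whitespace or shell metacharacters would be split or interpreted by the shell before it reaches gcloud. Since these values now come from a shared args struct rather than explicit parameters, I would escape them at interpolation time, e.g. `--project ${pkgs.lib.escapeShellArg kms.project} \` (assuming `pkgs` exposes nixpkgs' `lib` here), and quote the path as `--ciphertext-file "$SECRET_PATH" \`. The `case` statement and the definition of `secret_check` lie outside this hunk, so whether `SECRET_PATH` is validated there is not visible.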