From c1c379848a19a31de8febb1385c7b9e4d2a474a3 Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Fri, 15 Nov 2019 15:26:08 +0000 Subject: chore(nix): Move files around to conform to new read-tree layout Broadly speaking, the following things are included: * there is now a uniform `args` struct that is passed to all derivations, package headers have been changed appropriately * overrides are now loaded from a separate `override` folder just using read-tree.nix * third-party packages have moved into the `third_party` attribute set --- tools/kms_pass/default.nix | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'tools/kms_pass/default.nix') diff --git a/tools/kms_pass/default.nix b/tools/kms_pass/default.nix index fbc17650a9..113db30224 100644 --- a/tools/kms_pass/default.nix +++ b/tools/kms_pass/default.nix @@ -6,10 +6,10 @@ # # Only the 'show' and 'insert' commands are supported. -{ google-cloud-sdk, tree, writeShellScriptBin -, project, region, keyring, key }: +{ pkgs, kms, ... }: -writeShellScriptBin "pass" '' +let inherit (pkgs) google-cloud-sdk tree writeShellScriptBin; +in writeShellScriptBin "pass" '' set -eo pipefail CMD="$1" @@ -34,20 +34,20 @@ writeShellScriptBin "pass" '' show) secret_check ${google-cloud-sdk}/bin/gcloud kms decrypt \ - --project ${project} \ - --location ${region} \ - --keyring ${keyring} \ - --key ${key} \ + --project ${kms.project} \ + --location ${kms.region} \ + --keyring ${kms.keyring} \ + --key ${kms.key} \ --ciphertext-file $SECRET_PATH \ --plaintext-file - ;; insert) secret_check ${google-cloud-sdk}/bin/gcloud kms encrypt \ - --project ${project} \ - --location ${region} \ - --keyring ${keyring} \ - --key ${key} \ + --project ${kms.project} \ + --location ${kms.region} \ + --keyring ${kms.keyring} \ + --key ${kms.key} \ --ciphertext-file $SECRET_PATH \ --plaintext-file - echo "Inserted secret '$SECRET'" -- cgit 1.4.1