Diffstat (limited to 'gpg/get-vault-pass.sh')
-rwxr-xr-xgpg/get-vault-pass.sh20
1 files changed, 19 insertions, 1 deletions
diff --git a/gpg/get-vault-pass.sh b/gpg/get-vault-pass.sh
index 202c94f7..6cf2ff9a 100755
--- a/gpg/get-vault-pass.sh
+++ b/gpg/get-vault-pass.sh
@@ -1,2 +1,20 @@
#!/bin/bash
-gpg2 --decrypt --batch < "${BASH_SOURCE%/*}/vault-pass.gpg" 2> /dev/null
+if [ -z "$1" ]; then
+ echo "Usage: $0 <environment>"
+ exit 1
+fi
+NAME="$1"
+shift
+
+gpg2 --decrypt --batch --no-tty --quiet < "${BASH_SOURCE%/*}/vault-pass-$NAME.gpg"
+
+# Ansible up to including 2.6 seems to have a bug which ignores the setting of 'vault_id_match = True'
+# in ansible.cfg (or the equivalent environment variable).
+#
+# To make it possible to use ansible-vault view as a textconv filter for git, we need to support
+# the case that some people do not have access to all vaults. So let's return an invalid
+# secret, and pretend success.
+if [ $? -ne 0 ]; then
+ echo This is my secret. There are many others like it, but this one is mine. My secret is my best friend. It is my life. I must master it as I must master my life. Without me, my secret is useless. Without my secret, I am useless. Please do not quote from movies when searching for a passphrase.
+ exit 0
+fi
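Review bot: The fallback at the end of the hunk turns every failure into exit 0 with a fixed string that is committed to the repository, so Ansible will accept that string as the vault password. This covers a mistyped environment name, a missing `vault-pass-$NAME.gpg` and a locked or absent gpg-agent alike. That is tolerable for `ansible-vault view` used as a git textconv filter, but if the same script is the password source for `ansible-vault encrypt`, `create` or `rekey`, the data would be encrypted under a publicly known passphrase with no error shown. I would make the dummy secret opt-in by putting `[ -n "$ALLOW_DUMMY_VAULT_PASS" ] || exit 1` as the first line inside the `if [ $? -ne 0 ]` block, where the variable name is a placeholder exported only by the textconv command. Separately, the usage text should go to stderr (`echo "Usage: $0 <environment>" >&2`) since Ansible reads stdout as the secret, and `$NAME` is best checked against the known environment names before it is used in the path.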