#!/bin/bash
if [ -z "$1" ]; then
  echo "Usage: $0 <environment>"
  exit 1
fi
NAME="$1"
shift

BIN=$(which gpg2)
if [ $? -ne 0 ]; then
  BIN=$(which gpg)
fi

$BIN --decrypt --batch --no-tty --quiet < "${BASH_SOURCE%/*}/vault-pass-$NAME.gpg"

# Ansible up to including 2.6 seems to have a bug which ignores the setting of 'vault_id_match = True'
# in ansible.cfg (or the equivalent environment variable).
#
# To make it possible to use ansible-vault view as a textconv filter for git, we need to support
# the case that some people do not have access to all vaults.  So let's return an invalid
# secret, and pretend success.
if [ $? -ne 0 ]; then
  echo This is my secret. There are many others like it, but this one is mine. My secret is my best friend. It is my life. I must master it as I must master my life. Without me, my secret is useless. Without my secret, I am useless. Please do not quote from movies when searching for a passphrase.
  exit 0
fi