557 files merged. Conflicts resolved: - CHANGELOG.md: took refactor/lazy-loading (session changelog) - versions.ncl: took refactor/lazy-loading (adds typedialog entries)
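export-env {
    # Loads the SOPS/Age settings used for secret encryption into the environment.
    #
    # Resolution order:
    #   1. vault-service (VAULT_SERVICE_URL set and starting with "http"):
    #      sets SOPS_AGE_RECIPIENTS only, then returns.
    #   2. filesystem fallback: sets PROVISIONING_SOPS, PROVISIONING_KAGE,
    #      SOPS_AGE_KEY_FILE and SOPS_AGE_RECIPIENTS.
    # Nothing is set when CURRENT_INFRA_PATH is missing or empty.

    # Get infrastructure path (early return if not set)
    let infra_path = ($env.CURRENT_INFRA_PATH? | default "")
    if ($infra_path | is-empty) {
        return
    }

    # Check vault-service configuration
    let vault_url = ($env.VAULT_SERVICE_URL? | default "")
    let vault_env = ($env.PROVISIONING_ENV? | default "dev")
    let use_vault = (not ($vault_url | is-empty)) and ($vault_url | str starts-with "http")

    if $use_vault {
        # SECURITY: the recipient returned here decides who can decrypt every
        # secret SOPS encrypts afterwards. Over plain http:// the response can be
        # altered in transit, so this is reported instead of trusted silently.
        # NOTE(review): even over https the key is accepted as-is; consider
        # comparing it with an expected recipient kept in the repository.
        if not ($vault_url | str starts-with "https://") {
            print $"⚠️ VAULT_SERVICE_URL is not https; the Age public key for ($vault_env) is fetched without transport integrity"
        }

        # The environment name is URL-encoded so it cannot add query parameters.
        let endpoint = $"($vault_url)/api/v1/age/get-public?env=($vault_env | url encode)"

        # `complete` captures external commands only; `http get` is a built-in
        # whose failures are raised as errors. Catching them here is what makes
        # the filesystem fallback below reachable when the service is down.
        let public_key = (try {
            let body = (http get $endpoint)
            # `http get` decodes a JSON content type itself; a plain-text body
            # still has to go through `from json`.
            let parsed = if ($body | describe) == "string" { $body | from json } else { $body }
            $parsed | get -o public_key | default ""
        } catch {
            ""
        })

        if not ($public_key | is-empty) {
            $env.SOPS_AGE_RECIPIENTS = $public_key
            print $"✓ Age public key loaded from vault-service for ($vault_env)"
            return
        }

        print "⚠️ Could not fetch Age key from vault-service, using filesystem fallback"
    }

    # Fallback: Load from filesystem (CURRENT_KLOUD_PATH wins over the infra path)
    let kloud_path = ($env.CURRENT_KLOUD_PATH? | default "")
    let base_path = if ($kloud_path | is-empty) { $infra_path } else { $kloud_path }

    $env.PROVISIONING_SOPS = (get_def_sops $base_path)
    $env.PROVISIONING_KAGE = (get_def_age $base_path)

    # Parse filesystem Age key
    let kage_file = ($env.PROVISIONING_KAGE? | default "")
    if not ($kage_file | is-empty) {
        # SOPS_AGE_KEY_FILE is the key file SOPS reads; only its "public key:"
        # line is parsed here (presumably the comment written by age-keygen).
        $env.SOPS_AGE_KEY_FILE = $kage_file

        let key_line = (grep "public key:" $env.SOPS_AGE_KEY_FILE | head -n 1 | default "")
        # "# public key: age1..." -> ["# public key", "age1..."]
        let key_parts = ($key_line | split row ":" | each { |x| $x | str trim })
        let public_key = if ($key_parts | length) > 1 { $key_parts | get 1 } else { "" }

        if not ($public_key | is-empty) {
            $env.SOPS_AGE_RECIPIENTS = $public_key
        } else {
            # A key file without a recipient is fatal: encrypting without a
            # known recipient must not continue.
            print $"❗Error no key found in (_ansi red_bold)($kage_file)(_ansi reset) file"
            exit 1
        }
    }
}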