prvng_core/nulib/sops_env.nu
Jesús Pérez 316622a78f
merge(refactor/lazy-loading): ADR-025 lazy-loading complete
557 files merged. Conflicts resolved:
  - CHANGELOG.md: took refactor/lazy-loading (session changelog)
  - versions.ncl: took refactor/lazy-loading (adds typedialog entries)
2026-04-17 23:09:56 +01:00


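# Environment hook that selects the Age recipient (public key) SOPS encrypts to.
#
# Order of preference:
#   1. vault-service, when VAULT_SERVICE_URL is set and starts with "http"
#   2. the Age key file on disk, resolved by get_def_age
#
# Both paths export SOPS_AGE_RECIPIENTS. The filesystem path also exports
# PROVISIONING_SOPS, PROVISIONING_KAGE and SOPS_AGE_KEY_FILE.
export-env {
    # Nothing to configure outside an infrastructure context.
    let infra_path = ($env.CURRENT_INFRA_PATH? | default "")
    if ($infra_path | is-empty) {
        return
    }

    # vault-service settings; the environment name defaults to "dev".
    let vault_url = ($env.VAULT_SERVICE_URL? | default "")
    let vault_env = ($env.PROVISIONING_ENV? | default "dev")
    let use_vault = (not ($vault_url | is-empty)) and ($vault_url | str starts-with "http")

    if $use_vault {
        # The recipient decides who can decrypt everything SOPS encrypts from here on.
        # Over plain http the response can be altered in transit, so surface that.
        if not ($vault_url | str starts-with "https://") {
            print "⚠️ VAULT_SERVICE_URL is not https: the Age public key is fetched without transport integrity"
        }

        # Percent-encode the environment name so it cannot add query parameters.
        let query_env = ($vault_env | url encode --all)
        let key_url = $"($vault_url)/api/v1/age/get-public?env=($query_env)"

        # `http get` is a built-in and `complete` is meant for external commands,
        # so request failures are caught with try/catch and treated as "no answer".
        let response = (try { http get $key_url } catch { null })

        # `http get` may already have parsed the body; parse it only if it is still text.
        let payload = if ($response | describe) == "string" {
            try { $response | from json } catch { null }
        } else {
            $response
        }
        let candidate = if ($payload | describe | str starts-with "record") {
            $payload | get -o public_key
        } else {
            null
        }
        # Accept only a non-empty string as a recipient.
        let public_key = if ($candidate | describe) == "string" { $candidate | str trim } else { "" }

        if not ($public_key | is-empty) {
            $env.SOPS_AGE_RECIPIENTS = $public_key
            print $"✓ Age public key loaded from vault-service for ($vault_env)"
            # NOTE(review): this returns before SOPS_AGE_KEY_FILE is set, so only the
            # recipient is configured on this path — confirm decryption is handled elsewhere.
            return
        }
        print "⚠️ Could not fetch Age key from vault-service, using filesystem fallback"
    }

    # Fallback: resolve the SOPS config and Age key file from the kloud path,
    # or from the infra path when no kloud path is set.
    let kloud_path = ($env.CURRENT_KLOUD_PATH? | default "")
    let base_path = if ($kloud_path | is-empty) { $infra_path } else { $kloud_path }
    $env.PROVISIONING_SOPS = (get_def_sops $base_path)
    $env.PROVISIONING_KAGE = (get_def_age $base_path)

    let kage_file = if ("PROVISIONING_KAGE" in $env) { $env.PROVISIONING_KAGE } else { "" }
    if not ($kage_file | is-empty) {
        $env.SOPS_AGE_KEY_FILE = $kage_file

        # Take the first line containing "public key:" from the key file.
        # An unreadable or missing file yields no line and ends in the error below.
        let key_line = (
            try {
                open --raw $kage_file | lines | where $it =~ "public key:" | get -o 0 | default ""
            } catch {
                ""
            }
        )
        let key_parts = ($key_line | split row ":" | each { |part| $part | str trim })
        let public_key = if ($key_parts | length) > 1 { $key_parts | get 1 } else { "" }

        if ($public_key | is-empty) {
            print $"❗Error no key found in (_ansi red_bold)($kage_file)(_ansi reset) file"
            exit 1
        }
        $env.SOPS_AGE_RECIPIENTS = $public_key
    }
}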