Encrypt attached log

3 files changed, 6 insertions, 3 deletions

diff --git a/TODOs.org b/TODOs.org
index dbd9dc8..96fbebe 100644
--- a/TODOs.org
+++ b/TODOs.org
@@ -143,11 +143,12 @@ Right now, secrets are scattered between the two repositories. By moving I can c
 ** TODO Run backup on Terraform destroy action instead of manually in =provision.sh=
 ** DONE Explicitly destroy Droplets before running Terraform apply
 CLOSED: [2019-06-05 Wed 19:48]
-** TODO Store updated =.tfstate= even in case of deployment failure
+** NEXT Store updated =.tfstate= even in case of deployment failure
 Right now the script fails on Terraform commands before reaching git commands. I should trap the error, store on git and only then fail.
 ** DONE Fix alias in =bash-profile.sh=
 CLOSED: [2019-06-10 Mon 09:01]
-** TODO Email verbose (Ansible) log files in case of error
+** DONE Email verbose (Ansible) log files in case of error
+CLOSED: [2019-06-10 Mon 16:59]
 builds.sr.ht only emails the link. Should it be extended to support encrypted log attachments?
 ** TODO Use environment variables for SSH key paths and volume mounts
 ** DONE Don't allow backups to fail
diff --git a/scripts/ci/mail.sh b/scripts/ci/mail.sh
index 420c35f..8585cf1 100755
--- a/scripts/ci/mail.sh
+++ b/scripts/ci/mail.sh
@@ -35,6 +35,8 @@ EOF
 )
 
 cat ./logs/*.txt > "${ATTACHMENT_PATH}"
+gpg -r "${GPG_TO}"          \
+    -e "${ATTACHMENT_PATH}"
 
 curl "${MAILGUN_URL}"          \
      -s                        \
@@ -43,4 +45,4 @@ curl "${MAILGUN_URL}"          \
      -F to="${MAILGUN_TO}"     \
      -F subject="${SUBJECT}"   \
      -F text="${BODY}"         \
-     -F attachment="@${ATTACHMENT_PATH}"
+     -F attachment="@${ATTACHMENT_PATH}.gpg"
diff --git a/secrets/envrc.sh b/secrets/envrc.sh
index 62b27c6..10efe8e 100644
--- a/secrets/envrc.sh
+++ b/secrets/envrc.sh