authorEuAndreh <eu@euandre.org>2019-06-11 15:38:48 -0300
committerEuAndreh <eu@euandre.org>2019-06-11 15:38:48 -0300
commit8cc7f3921c0135a6c82ec70d54e7bb2d950b7219 (patch)
tree777aa0b509cf78729929a615ebe8a474769a909c
parentOnly source ./secrets/secret-envrc.sh when decrypted. (diff)
downloadserver-8cc7f3921c0135a6c82ec70d54e7bb2d950b7219.tar.gz
server-8cc7f3921c0135a6c82ec70d54e7bb2d950b7219.tar.xz
Only access any secret file in .envrc when decrypted
-rw-r--r--.envrc14
1 files changed, 8 insertions, 6 deletions
diff --git a/.envrc b/.envrc
index acc0678..4170055 100644
--- a/.envrc
+++ b/.envrc
@@ -11,10 +11,6 @@ export DESTROY_VOLUME=
#
VPS_COMMIT_SHA="$(cat .git/refs/heads/master)"
export VPS_COMMIT_SHA
-SSH_SERVER_PRIVATE_KEY="$(cat ./secrets/ssh/vps-box-server)"
-export SSH_SERVER_PRIVATE_KEY
-SSH_SERVER_PUBLIC_KEY="$(cat ./secrets/ssh/vps-box-server.pub)"
-export SSH_SERVER_PUBLIC_KEY
# Used for keeping bash variables for run-time substituion instead of execution time substitution.
# Taken from:
# https://stackoverflow.com/questions/24963705/is-there-an-escape-character-for-envsubst
@@ -36,6 +32,12 @@ export NIX_PATH=nixpkgs=channel:nixos-unstable
if [[ "$(file -b ./secrets/secret-envrc.sh)" = "data" ]];
then
echo 'The ./secrets/secret-envrc.sh is encrypted, not sourcing it.'
-else
- source ./secrets/secret-envrc.sh
+ exit
fi
+
+SSH_SERVER_PRIVATE_KEY="$(cat ./secrets/ssh/vps-box-server)"
+export SSH_SERVER_PRIVATE_KEY
+SSH_SERVER_PUBLIC_KEY="$(cat ./secrets/ssh/vps-box-server.pub)"
+export SSH_SERVER_PUBLIC_KEY
+
+source ./secrets/secret-envrc.sh
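Review bot: The guard at the top of this hunk fails open: it skips the secrets only when `file -b ./secrets/secret-envrc.sh` prints exactly `data`, so a missing file (where `file` prints an error message instead) or any other classification of the ciphertext falls through to the two `cat` calls and the `source`. The key files under ./secrets/ssh/ are never tested themselves; the change seems to assume they are always decrypted together with secret-envrc.sh. I would add a readability test to the condition, `if [[ ! -r ./secrets/secret-envrc.sh || "$(file -b ./secrets/secret-envrc.sh)" = "data" ]];`, with a comment saying that `data` is what `file` reports for the encrypted blob. The bare `exit` would also close the calling shell if .envrc is ever sourced by hand rather than evaluated by direnv; `return 0 2>/dev/null || exit 0` covers both cases. The relocated `export SSH_SERVER_PRIVATE_KEY` still puts the private key body into the environment of every child process, so a comment naming the consumer that needs it there (or exporting the key path instead) would help a later reader judge that exposure.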