From 8cc7f3921c0135a6c82ec70d54e7bb2d950b7219 Mon Sep 17 00:00:00 2001 From: EuAndreh Date: Tue, 11 Jun 2019 15:38:48 -0300 Subject: Only access any secret file in .envrc when decrypted --- .envrc | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/.envrc b/.envrc index acc0678..4170055 100644 --- a/.envrc +++ b/.envrc @@ -11,10 +11,6 @@ export DESTROY_VOLUME= # VPS_COMMIT_SHA="$(cat .git/refs/heads/master)" export VPS_COMMIT_SHA -SSH_SERVER_PRIVATE_KEY="$(cat ./secrets/ssh/vps-box-server)" -export SSH_SERVER_PRIVATE_KEY -SSH_SERVER_PUBLIC_KEY="$(cat ./secrets/ssh/vps-box-server.pub)" -export SSH_SERVER_PUBLIC_KEY # Used for keeping bash variables for run-time substituion instead of execution time substitution. # Taken from: # https://stackoverflow.com/questions/24963705/is-there-an-escape-character-for-envsubst @@ -36,6 +32,12 @@ export NIX_PATH=nixpkgs=channel:nixos-unstable if [[ "$(file -b ./secrets/secret-envrc.sh)" = "data" ]]; then echo 'The ./secrets/secret-envrc.sh is encrypted, not sourcing it.' -else - source ./secrets/secret-envrc.sh + exit fi + +SSH_SERVER_PRIVATE_KEY="$(cat ./secrets/ssh/vps-box-server)" +export SSH_SERVER_PRIVATE_KEY +SSH_SERVER_PUBLIC_KEY="$(cat ./secrets/ssh/vps-box-server.pub)" +export SSH_SERVER_PUBLIC_KEY + +source ./secrets/secret-envrc.sh -- cgit v1.2.3
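Review bot: The guard in the second hunk, which now also gates the `SSH_SERVER_PRIVATE_KEY` / `SSH_SERVER_PUBLIC_KEY` reads, still inspects only `./secrets/secret-envrc.sh`, and it passes whenever `file -b` prints anything other than exactly `data`, including the error text for a missing file. If a key file is absent or in a different state from that one file, `cat` exports an empty or ciphertext value and `source` still runs, so each path read afterwards should be tested itself, as in the sketch below. The bare `exit` is worth replacing with `return 0`, since it would close the calling shell if `.envrc` is ever sourced by hand (presumably direnv sources the file, so `return` should work there too; confirm). Separately, exporting the private key's contents places it in the environment of every child process started from this directory; exporting the key's path instead would narrow that exposure.

```shell
# … unchanged: NIX_PATH export …
for secret in ./secrets/secret-envrc.sh \
              ./secrets/ssh/vps-box-server \
              ./secrets/ssh/vps-box-server.pub; do
  # Refuse to go on unless this file is readable and not opaque ciphertext.
  if [[ ! -r "$secret" || "$(file -b "$secret")" = "data" ]]; then
    echo "$secret is missing or still encrypted, not loading secrets." >&2
    return 0
  fi
done
# … unchanged: SSH key exports and source of ./secrets/secret-envrc.sh …
```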