From a5edf116fafcb162564633713610b3e0ec92c563 Mon Sep 17 00:00:00 2001 From: rqueue Date: Mon, 19 Jul 2021 23:23:05 -0700 Subject: [PATCH] Don't save unprotected key file when exporting and providing ARCANUS_PASSWORD When providing the password via ARCANUS_PASSWORD, don't save the unprotected key file when exporting env vars. This is useful in CI environments. --- lib/arcanus/command/export.rb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/arcanus/command/export.rb b/lib/arcanus/command/export.rb index 00ecaea..e30ebdb 100644 --- a/lib/arcanus/command/export.rb +++ b/lib/arcanus/command/export.rb @@ -9,9 +9,13 @@ class Export < Base 'consumption by other programs' def execute - ensure_key_unlocked + if ENV.key?('ARCANUS_PASSWORD') + key = Arcanus::Key.from_protected_file(repo.locked_key_path, ENV['ARCANUS_PASSWORD']) + else + ensure_key_unlocked + key = Arcanus::Key.from_file(repo.unlocked_key_path) + end - key = Arcanus::Key.from_file(repo.unlocked_key_path) chest = Arcanus::Chest.new(key: key, chest_file_path: repo.chest_file_path) env_vars = extract_env_vars(chest.to_hash)