Use encrypted files instead of bws

main
Buddy Sandidge 2 weeks ago
parent 20c392b30d
commit 6507310b6f

@ -3,6 +3,11 @@
{{- $include_legacy := promptBoolOnce . "include_legacy" "include old scripts [false]" -}} {{- $include_legacy := promptBoolOnce . "include_legacy" "include old scripts [false]" -}}
{{- $bws_token := promptStringOnce . "bws_token" "BitWarden Secrets Manager Access Token" -}} {{- $bws_token := promptStringOnce . "bws_token" "BitWarden Secrets Manager Access Token" -}}
encryption = "age"
[age]
identity = "{{ .chezmoi.homeDir }}/.config/chezmoi/key.txt"
recipient = "age166qk8xkvd5cx2mqfxenw0mvmg4ghv7jzg8ffr0f0dave5lwzm38qswha8c"
[data] [data]
bws_token = {{ $bws_token | quote }} bws_token = {{ $bws_token | quote }}
development = {{ $development }} development = {{ $development }}

@ -1,6 +1,11 @@
/.idea /.idea
/README.md /README.md
/scripts/ /scripts/
/key.txt.age
{{- if not .include_legacy }} {{- if not .include_legacy }}
/.local/share/duck-encoder /.local/share/duck-encoder
{{- end }} {{- end }}
{{- if not .hellotech }}
/.config/profile/env.d/hellotech.env
/.config/profile/profile.d/trubka.sh
{{- end }}

@ -1,5 +0,0 @@
# chezmoi:template:left-delimiter=#{{
#{{- /* vim: set filetype=sh: */ -}}
#{{- if and .hellotech .bws_token -}}
ATLASSIAN_TOKEN=#{{ (bitwardenSecrets "70fbcffa-2cb1-4ddf-9b1f-b18c015c9ba9" .bws_token).value }}
#{{- end }}

@ -1,6 +0,0 @@
# chezmoi:template:left-delimiter=#{{
#{{- /* vim: set filetype=sh: */ -}}
#{{- if and .hellotech .bws_token -}}
CLOUDFLARE_EMAIL=#{{ (bitwardenSecrets "fbc453ba-4c18-4471-82a3-b18c015e40c5" .bws_token).value }}
CLOUDFLARE_KEY=#{{ (bitwardenSecrets "c8aff966-4232-4629-8a08-b18c015e5da8" .bws_token).value }}
#{{- end }}

@ -0,0 +1,16 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZ3V6RUc4c1hFV1dITjdB
elljUSt0ZUxVT0FLeWZuc05RT25DUUtvcFRZClZRVFh4bGp1eWhCYWJ0cG5MMWpB
dUlLdzZTZHBxSXVzL1IxczI5SFdOQ2MKLS0tIHZ4N3NpS1dWZElla1ZmejNKeGxF
dHorbHV6d1kwZ1pwRlB2ZDVCNnBxWGcK1IAjC/PhDxzizYfd2uvkmhgALMUpxdAd
5QZke6zi6cDhHzHpg68I4p+afdKCGgtSMZ1dGrCqVlKIBkqzcjET9SJLHbmbncU+
qXC+sjWQUXqUGS8ZOYsRiLEtYQgpqSA672lYYud/8YSJlDJfc9wekcfgZX7MQWJz
mgcXl+WA1aqf4FVVtXp06o93hKtqIjO84oV6bEOLL0P2mLc5+GEwuvuDMQLsYlL2
oKZamHTNRNjq2cFVZ6hqZlU7yXBk+mUKATS7SI14dQzFRi/rqSi+/t2TJ2eNU+B5
cTBs9spaXoKUhEctMG5Riz6wM1/kYWRNlB7s3DauHV31p6pUf3rwUjT185wfdKKP
DHIKLGx2zisXpmp2bLRnYSjHEoKYfAIZkTUZnQ0zzZJ2juJzj8cc8X3j6WlHzj7f
KVgWZPqbDD6FsI7WNzYSop8B35zY+V0kO037Gaq5q0NUtKwkwffpOQ05tBkF1PVK
Pwl4ZBCtsZcw+KZ243gWTgDBsqHrbDq0KuTM1e1h8t4i5KcOqv5NU4pTZrgdgvl3
IxdwAzOKxyuQsgp46vcgF+4YC88fukjzfNpkSncARFvn1/fSIt1y8UEOyYte1TUw
uFEDifSZwHmD
-----END AGE ENCRYPTED FILE-----

@ -0,0 +1,8 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTMlUzMEdOK0h2SlB0eG1G
N2E2N2ZVNWN1ZVJFbGNLRm05NWtINjY0VmxnCkp6Q3NMSURsOWNlZmZKUjFJZDNX
Zk5EU1dVa0JNNDQ0TVBYSDM0QmJFdHcKLS0tIEFxVTlyd21zQmdnbGpLeE4vOWJ4
elVualRPSGgrb1Fub3FMRmRlaFVSYWcKWEE8MKGcsEhZshxM17468m5xlDaGH66f
J2cbjyBRIG1wcVgpCSAPRw8Vd1wUIWJFnyFzyiwnrHcPBM+M/JNZDmadNOAyADhc
MgqPsEeD2k1Kcro3zthL0kl4+TNEremTZ9Zx
-----END AGE ENCRYPTED FILE-----

@ -1,5 +0,0 @@
# chezmoi:template:left-delimiter=#{{
#{{- /* vim: set filetype=sh: */ -}}
#{{- if and .hellotech .bws_token -}}
LINEAR_APP_TOKEN=#{{ (bitwardenSecrets "76693d18-eeb1-4019-976d-b18c015f7048" .bws_token).value }}
#{{- end }}

@ -1,5 +0,0 @@
# chezmoi:template:left-delimiter=#{{
#{{- /* vim: set filetype=sh: */ -}}
#{{- if .bws_token -}}
OPENAI_API_KEY=#{{ (bitwardenSecrets "579bd247-2357-4817-a033-b18c0161b7f1" .bws_token).value }}
#{{- end }}

@ -1,5 +0,0 @@
# chezmoi:template:left-delimiter=#{{
#{{- /* vim: set filetype=sh: */ -}}
#{{- if and .hellotech .bws_token -}}
PULUMI_ACCESS_TOKEN=#{{ (bitwardenSecrets "4688eb1b-e889-468f-ba40-b18c01607ae8" .bws_token).value }}
#{{- end }}

@ -0,0 +1,29 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByVFlFRHRvWStKMTZyOEpo
RGIzanlLNjVpbCtYUStVUFdVbWlRYndVdEVjCk8xbGZGWUZkQmRxaW9mcWx4clk4
VlUrRERybGViNENQOHVHcTdCckwxNW8KLS0tIDBvbUNnc3pPUjh6aVQ3R2hYS09I
aEJWV2J5TzZDcmt3NktmY0ZiT2Z5MWsKG8kpxjFDk8/3vFyMytpxXVHZaansazav
yJ7fAgTWFW/uCf1ktzLtaQLHMl7Jd1BuVildgTIIX7dcDNEFcLF9p4+lputdO9E1
NjjxXv8l/srRK1KjGf5tDrtPzD0QMgm4FMtO3c8on83S2T0J79VR8SdexCUKPNbd
/QUjm8PwMd6sv+4pEU+awEPgEagh0u4gZ858jF8Z+lwm83ZZflxEbxwyjWA70Ll8
2XN5BwL5xKxGZ1ydAjlGL+FKhBUvQBesi4+PnXSChhkUSIHVp5ad3mk1FWMAXUAs
moM8kxoko4R9MhXkrzh3xXcqAwvWhruW1kVz7pi9sYusTvY9r1xKZUdGybTPDNe/
duwtxurYZecgKlFa2iUGVrzEflUNiySDWcpwnAYQ77Bm4r89SjsXrPi8QJZe0fL0
rpl7FuqLv9+eA2S4E4ojSg7u4imy2i+gEoN+BRH1nGeWSWSIs3iwI02KsB0Q3MAo
N4dOMlQC80FOyY/pp75JVaIdekJf+kmXBXGphCo21glHYpeUuQ4UTt8YNNUBQQVe
IF8XvXdaqpmrXMo8DRYMEe/vthT7zKGdfhyDuKrHVcO3mz7ZSTi3oxOe3fRvrtNA
LcmnuCnLqUEGH6YKWHtbD5bud1juyb1yg4OPQioKd/z7rSaxCxynza50CdFxUJcs
EoD2t9wBV2qWTUtXFZen4XL7PsG2P3NxGVh3uqXemgs0MFJ7huuro/mNb9WhhgPm
KfqbkpuOLrQWLpSuimwYi/3hksAV/Ca64Igp8ApkZjSV9GwHzmXnI6bfOWLDCeuL
qUTulOwiN6AVsBGUH3Mek913tYa2TsWhpt/ukOOZeO5tGPBxI/v6DfU6636k/ojE
Dd2QxfDfTWuR//sf+Aj5++SIPAzAXxk3qAA3kmhad1knBcnVUkT6yiUuFmoxy7Vi
K72lvcCP7yiSpC87vTVeyc8pvEOJX4ruaE/1YNYpRWnGGpe8kI7yWXRSCvWMXCOK
1C1lUXOs3Xyl+r1gQKgT/FTdYtJmXKDiqRRcDJlr1fM8GDUJ3xTMTQovYdv4B/En
SljbSuyLL7xtB/tbQfcwH9j9loMOidrfDARlYlSxRIiMz1WIPDACTbwa55jk4s2o
tsVj6kNsZyj41PBPayND+hbKqGlCORecRv769C+ZoEUAyc4l9HZIHMbzzsbYDV1t
3MpIpFJtAwBCT9FFFzHDB0JDwByt1J0VWsNoBIj2gdkXIRZhjEibgIGDL9a0xA7N
dKShV5kShaFlApu/4TfXRZQw7RMMPC7tVtrlZRJaKdymPjnR3KZ61HbC/raGlAhS
gEwhD7HTbCQ5utxXMXVn7KcQ3AGcHzF8i0fU9dF/dLFsiN3mQD5FWdiKXdx7ItNU
Wa+RPHMBrkJkjRkANk9I2XJjD7iwKnjccXGrP5DIz+4/oEpvLfqW0oDq2n0uWr+l
rkCpI8bhAJxj+PuYLOaNvDHGyqfgp46XsjVFoLR5Yae51f3iwazaqQ==
-----END AGE ENCRYPTED FILE-----

@ -1,32 +0,0 @@
# chezmoi:template:left-delimiter=#{{
#{{- /* vim: set filetype=sh: */ -}}
#{{- if and .hellotech .bws_token -}}
config_trubka_buddy () {
export TRUBKA_BROKERS=#{{ (bitwardenSecrets "9598a627-0d32-4398-98fb-b18c014b9d7d" .bws_token).value }}
export TRUBKA_TLS=true
export TRUBKA_PROTO_ROOT=#{{ .chezmoi.homeDir }}/hellotech/entities
export TRUBKA_SASL_USERNAME=#{{ (bitwardenSecrets "6fc85366-d6bc-438f-a75b-b18c014c7d77" .bws_token).value }}
export TRUBKA_SASL_PASSWORD=#{{ (bitwardenSecrets "d8153476-d170-4d86-9804-b18c014c9a7b" .bws_token).value }}
export TRUBKA_SASL_MECHANISM=plain
}
config_trubka_dev () {
export TRUBKA_BROKERS=#{{ (bitwardenSecrets "59d193cb-1b62-42cf-a753-b18c014cd5f6" .bws_token).value }}
export TRUBKA_TLS=true
export TRUBKA_PROTO_ROOT=#{{ .chezmoi.homeDir }}/hellotech/entities
export TRUBKA_SASL_USERNAME=#{{ (bitwardenSecrets "123253f2-f720-4a56-af15-b18c014cf26b" .bws_token).value }}
export TRUBKA_SASL_PASSWORD=#{{ (bitwardenSecrets "4cb2b59b-11ca-4cc2-a9e5-b18c014d11fd" .bws_token).value }}
export TRUBKA_SASL_MECHANISM=plain
}
config_trubka_prod () {
export TRUBKA_BROKERS=#{{ (bitwardenSecrets "1e295c46-34b6-4ee9-b801-b18c014d3102" .bws_token).value }}
export TRUBKA_TLS=true
export TRUBKA_PROTO_ROOT=#{{ .chezmoi.homeDir }}/hellotech/entities
export TRUBKA_SASL_USERNAME=#{{ (bitwardenSecrets "9d5de1a1-796d-4208-a5a7-b18c014d4e8e" .bws_token).value }}
export TRUBKA_SASL_PASSWORD=#{{ (bitwardenSecrets "a7c38ba6-95be-42c0-8ed8-b18c014d6acf" .bws_token).value }}
export TRUBKA_SASL_MECHANISM=plain
}
#{{- end }}

@ -0,0 +1,10 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNjcnlwdCBFVFQ2SE1pUWErTFdnQXJX
UndQMjFRIDE4ClFOcDFwWDUyekRBRi8vZmxzTTRFa0wxZmNjRmhnL3BlTzFqN1p5
VFZsdFUKLS0tIExrdG5ZUFAraUlnSEpCTnVEL3FZcGc3MzBBbXF2aFhodklOVlk5
Zno5QnMKfWGrVFWWJvWPxoeP/tUF3ZM6sG1eFPWf97e+K9iopntaGcrvY83H+mrc
lSdTVNplSm/Erq6u+UuAi8OeKE8G/Uf4vDXfuoww0dfbTpRDQPx+rAf3/kMVlgPt
qvyhZzjaNeHV3+LKOlH9DnOGxr9an+zbndfOOid3f0YWSyVk41B04RGOdZe2w+3D
ZUxon0+4lYzBv5snj6QVmdLqZPUiTWFpenXSwafr6LoYG51D8HEYsm53eJ7ZPq12
oBIa+inji8v+B6zqIkKklF9qYGbub9SrwSyN9FKzrRmmbR0=
-----END AGE ENCRYPTED FILE-----

@ -0,0 +1,9 @@
#!/usr/bin/env bash
if [ ! -f "{{ .chezmoi.homeDir }}/.config/chezmoi/key.txt" ]; then
mkdir -p "{{ .chezmoi.homeDir }}/.config/chezmoi"
chezmoi age decrypt \
--output "{{ .chezmoi.homeDir }}/.config/chezmoi/key.txt" \
--passphrase "{{ .chezmoi.sourceDir }}/key.txt.age"
chmod 600 "{{ .chezmoi.homeDir }}/.config/chezmoi/key.txt"
fi
Loading…
Cancel
Save