fix: Address review feedback on SOPS integration (#613)

- Warn on stderr when .env.enc decryption fails instead of silent || true
- Guard ensure_age_key() against empty age-keygen -y output
- Fix stale comment on write_secrets_encrypted()

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
openhands 2026-03-23 19:04:58 +00:00
parent 5ccf09b28d
commit 3e2f8f9623
2 changed files with 4 additions and 2 deletions


@ -72,6 +72,7 @@ ensure_age_key() {
if [ -f "$key_file" ]; then
AGE_PUBLIC_KEY="$(age-keygen -y "$key_file" 2>/dev/null)"
[ -n "$AGE_PUBLIC_KEY" ] || return 1
export AGE_PUBLIC_KEY
return 0
fi
@ -84,6 +85,7 @@ ensure_age_key() {
age-keygen -o "$key_file" 2>/dev/null
chmod 600 "$key_file"
AGE_PUBLIC_KEY="$(age-keygen -y "$key_file" 2>/dev/null)"
[ -n "$AGE_PUBLIC_KEY" ] || return 1
export AGE_PUBLIC_KEY
echo "Generated age key: ${key_file}"
}
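Review bot: The new `[ -n "$AGE_PUBLIC_KEY" ] || return 1` guards fail silently, which sits oddly with this commit's own goal of warning on stderr instead of failing quietly: `age-keygen -o` on the line above has its stderr discarded and its exit status unchecked, so when it fails (binary missing, existing file it refuses to overwrite) the caller only sees a bare non-zero return, and if the caller then falls back to plaintext `.env` as the comment on write_secrets_encrypted() suggests, secrets get downgraded with no diagnostic. I would check the generation step explicitly, `age-keygen -o "$key_file" 2>/dev/null || { printf 'warning: age-keygen failed to write %s\n' "$key_file" >&2; return 1; }`, and give both new guards a message, `[ -n "$AGE_PUBLIC_KEY" ] || { printf 'warning: could not derive age public key from %s\n' "$key_file" >&2; return 1; }`. The key file is also created before the `chmod 600`; current age-keygen releases create it with a restrictive mode themselves as far as I know, but if the script does not want to rely on that, `(umask 077; age-keygen -o "$key_file")` removes the dependency. ensure_age_key() starts before this hunk, so I cannot see how the early-return path is handled by `set -e` or by callers.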
@ -106,7 +108,6 @@ encrypt_env_file() {
}
# Store secrets into .env.enc (encrypted) if SOPS + age available, else .env (plaintext).
# Reads existing .env, updates/adds vars, writes back.
write_secrets_encrypted() {
local env_file="${FACTORY_ROOT}/.env"
local enc_file="${FACTORY_ROOT}/.env.enc"