johba/disinto
1
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions

fix: Address review feedback on SOPS integration (#613)

Browse source 
- Warn on stderr when .env.enc decryption fails instead of silent || true
- Guard ensure_age_key() against empty age-keygen -y output
- Fix stale comment on write_secrets_encrypted()

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
openhands 2026-03-23 19:04:58 +00:00
parent 5ccf09b28d
commit 3e2f8f9623
2 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
lib/env.sh
View file

@ -10,7 +10,8 @@ FACTORY_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
# Load secrets: prefer .env.enc (SOPS-encrypted), fall back to plaintext .env
if [ -f "$FACTORY_ROOT/.env.enc" ] && command -v sops &>/dev/null; then
set -a
eval "$(sops -d --output-type dotenv "$FACTORY_ROOT/.env.enc" 2>/dev/null)" || true
eval "$(sops -d --output-type dotenv "$FACTORY_ROOT/.env.enc" 2>/dev/null)" \
|| echo "Warning: failed to decrypt .env.enc — secrets not loaded" >&2
set +a
elif [ -f "$FACTORY_ROOT/.env" ]; then
set -a