johba/disinto
1
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request 'fix: feat: disinto secrets migrate — encrypt existing plaintext .env (#33)' (#37) from fix/issue-33 into main
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details

Browse source
This commit is contained in:
dev-bot 2026-03-28 19:19:19 +00:00
commit 98a71f9192
1 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
bin/disinto
View file

@ -2119,6 +2119,12 @@ disinto_secrets() {
fi fi
_secrets_ensure_sops _secrets_ensure_sops
encrypt_env_file "$env_file" "$enc_file" encrypt_env_file "$env_file" "$enc_file"
# Verify decryption works
if ! sops -d "$enc_file" >/dev/null 2>&1; then
echo "Error: failed to verify .env.enc decryption" >&2
rm -f "$enc_file"
exit 1
fi
rm -f "$env_file" rm -f "$env_file"
echo "Migrated: .env -> .env.enc (plaintext removed)" echo "Migrated: .env -> .env.enc (plaintext removed)"
;; ;;