Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pipe (generated) key to agenix #33

Closed
edrex opened this issue Apr 8, 2021 · 5 comments · Fixed by #154
Closed

pipe (generated) key to agenix #33

edrex opened this issue Apr 8, 2021 · 5 comments · Fixed by #154

Comments

@edrex
Copy link
Contributor

edrex commented Apr 8, 2021
edited
Loading

I just got agenix set up today. Yay!

I'd like to be able to generate machine keys without a lot of manual steps. It's a small, useful thing and I'd be happy to submit and impl if we can settle on a spec.

Rather than integrating a particular password gen how about adding support for taking the cleartext from stdin?

Either overload the existing -e mode:

cat /dev/urandom | head -c 128 | agenix -e mysecret.age

or add a new mode like -i

wdyt?
@ryantm
Copy link
Owner

ryantm commented May 13, 2021

@edrex, this seems good and would also support the #9 use case. It doesn't seem like it needs a new flag, and it should be allowed even if you cannot decrypt mysecret.age, I think.

Note we may switch to this Rust implementation for the agenix CLI #23 so cc @cole-h

@edrex
Copy link
Contributor Author

edrex commented Jun 7, 2021

been afk for a bit, will pick this up (and catch up on Rust CLI status) when I get back to personal infra+Nix work

@cole-h
Copy link
Collaborator

cole-h commented Jun 8, 2021

FWIW, I've added support for reading initial contents from stdin in cole-h/agenix-cli@124ddbd. cat /dev/urandom | head -c 128 | agenix [filename] -s will create [filename] with the data read from /dev/urandom.

@veehaitch
Copy link
Contributor

Recently, ragenix also introduced support for reading from stdin for both non-existing and existing secret files. Instead of adding a new command line option, we decided to use EDITOR=-/--editor -:

cat /dev/urandom | head -c 128 | ragenix --editor "-" -e mysecret.age

@whentze
Copy link
Contributor

whentze commented May 5, 2022

FWIW, I'm using the following hackaround to make this possible with vanilla agenix:

some_cmd | EDITOR='cp /dev/stdin' agenix -e secret.age

@cole-h cole-h mentioned this issue Aug 11, 2022
Closed
ryantm added a commit that referenced this issue Feb 19, 2023
@ryantm
feature: pipe cleartext into agenix -e
344c8e4 
If STDIN is not interactive, change EDITOR to `cp /dev/stdin`.

fixes #33
@ryantm ryantm mentioned this issue Feb 19, 2023
Merged
n8henrie pushed a commit to n8henrie/agenix that referenced this issue May 5, 2023
@ryantm @n8henrie
feature: pipe cleartext into agenix -e
db85681 
If STDIN is not interactive, change EDITOR to `cp /dev/stdin`.

fixes ryantm#33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feature: pipe cleartext into agenix -e ryantm/agenix
5 participants
@ryantm @edrex @whentze @veehaitch @cole-h