feature: pipe cleartext into agenix -e

[ryantm]

If STDIN is not interactive, change EDITOR to cp /dev/stdin.

Also updates tests somewhat.

fixes #33

[whentze]

Oh yikes, this breaks another hack of mine where I set EDITOR to something else to get plaintext secrets out 😬

(Yes, this is a bit of a spacebar-heating moment, I realize.)

[ryantm]

@whentze Can you describe your hack more?

[whentze]

Yes. I have a program like this

#!/bin/sh
cp "$2" "$1"

and by calling agenix as EDITOR="that-script.sh /proc/self/fd/3" agenix -e foo.age 3>| ... I can use it in a pipe.
I know I can call age directly, but it doesn't have the same logic for finding private keys, so it doesn't work in every case.

[whentze]

Just to be clear, I'm aware this is an awful hack, and I'm not asking you to keep it supported.
But maybe another way to get the plaintext secrets out would be nice.

[ryantm]

This editor program puts the cleartext into a file called cleartext even with these changes.

#!/bin/sh
cp "$1" cleartext

[whentze]

Huh, even when STDIN is not interactive?

[ryantm]

Oh, no STDIN was interactive. I misunderstood what you are doing. Or maybe you edited it to add more after I saw it... 🤷

[whentze]

Sorry for the edits, I had realized my minimal example was too minimal and didn't actually work.

What the hack is really solving for me is the ability to use agenix secrets in a script - locally while working on a repo.

[whentze]

Would you be open to the addition of agenix --decrypt or something, that does specifically that without requiring a hack?

I can try my hand at an implementation.

[ryantm]

Yes, definitely. We're using EDITOR=cat hack a bunch in the tests in lieu of this feature too.

[n8henrie]

@whentze can you provide a sample codeblock for how one would interact with this, to make sure I understand?

Is this it?

$ agenix [-i /tmp/id_rsa] --decrypt myfile.age
mysecret

[whentze]

@n8henrie yes, exactly like that :)

See #158 for my attempt at it.