From e92f2cf82c7a4bb662cdcc15cc85d38c8b8af3d9 Mon Sep 17 00:00:00 2001
From: Chris Kruining
Date: Mon, 27 Oct 2025 11:34:11 +0100
Subject: [PATCH] add some commands to read secret values
---
 .just/vars.just | 4 ++++
 .justfile | 6 +++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/.just/vars.just b/.just/vars.just
index 46bb5fd..167144a 100644
--- a/.just/vars.just
+++ b/.just/vars.just
@@ -1,5 +1,6 @@
 base_path := invocation_directory() / "systems/x86_64-linux"
 sops := "nix shell nixpkgs#sops --command sops"
+yq := "nix shell nixpkgs#yq --command yq"
 @_default:
 just --list
@@ -19,6 +20,9 @@ list machine:
 echo "Done"
+@get machine key:
+ {{ sops }} decrypt {{ base_path }}/{{ machine }}/secrets.yml | {{ yq }} ".$(echo "{{ key }}" | sed -E 's/\//./g')"
+
 @remove machine key:
 {{ sops }} unset {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')"
diff --git a/.justfile b/.justfile
index 1c9fc03..2788376 100644
--- a/.justfile
+++ b/.justfile
@@ -15,4 +15,8 @@ mod machine '.just/machine.just'
 @update:
 nix flake update
 git commit -m 'chore: update dependencies' -- ./flake.lock > /dev/null
- echo "Done"
\ No newline at end of file
+ echo "Done"
+
+[doc('Introspection on flake output')]
+@select key:
+ nix eval --json .#{{ key }} | jq .
\ No newline at end of file
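Review bot: The new `yq` variable in `.just/vars.just` resolves `nixpkgs` through the flake registry at run time, so the binary that receives decrypted secrets in `get` is not tied to this repository's `flake.lock`. The existing `sops` line has the same property, but this change is the first to pipe plaintext into a second tool. If the flake has an input named `nixpkgs`, `yq := "nix shell --inputs-from . nixpkgs#yq --command yq"` would pin it to the locked revision. A comment such as `# nixpkgs#yq is the jq-based wrapper, so filters use jq syntax (not yq-go)` would also help, assuming that is the package intended.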
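Review bot: The `get` recipe turns `a/b` into the jq filter `.a.b`, which is not equivalent to the bracket path the neighbouring `remove` recipe builds. A key segment containing `-` is parsed by jq as a subtraction, and a numeric segment is not treated as an array index. `{{ key }}` also sits inside a double-quoted `$(echo "…")`, so quotes or `$` in the argument are interpreted by the shell. Reusing the path expression from `remove` with sops' own extractor avoids both problems and the extra tool: `{{ sops }} decrypt --extract "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" {{ base_path }}/{{ machine }}/secrets.yml`. A doc comment on the recipe should state that it prints the plaintext value to stdout, so callers keep it out of CI logs and shared terminals.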
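Review bot: In the `select` recipe of `.justfile`, `.#{{ key }}` is pasted into the shell line unquoted, so an attribute path containing spaces, quotes or glob characters is split or expanded by the shell before `nix eval` sees it. Passing it as one quoted word closes that gap: `nix eval --json {{ quote(".#" + key) }} | jq .`. The recipe also calls `jq` straight from `PATH`, while `.just/vars.just` wraps `sops` and `yq` in `nix shell`, so a wrapped `jq` variable would make this work on a machine without jq installed. The file still ends without a trailing newline after the new recipe.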