add some commands to read secret

values
2025-10-27 11:34:11 +01:00 · 2025-10-27 11:34:11 +01:00 · e92f2cf82c
commit e92f2cf82c
parent 334c0b54cc
2 changed files with 9 additions and 1 deletions
--- a/.just/vars.just
+++ b/.just/vars.just
@ -1,5 +1,6 @@
 base_path := invocation_directory() / "systems/x86_64-linux"
 sops := "nix shell nixpkgs#sops --command sops"
+yq := "nix shell nixpkgs#yq --command yq"

@_default:
  just --list
@ -19,6 +20,9 @@ list machine:

  echo "Done"
  
+@get machine key:
+  {{ sops }} decrypt {{ base_path }}/{{ machine }}/secrets.yml | {{ yq }} ".$(echo "{{ key }}" | sed -E 's/\//./g')"
+  
@remove machine key:
  {{ sops }} unset {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')"

--- a/.justfile
+++ b/.justfile
@ -16,3 +16,7 @@ mod machine '.just/machine.just'
  nix flake update
  git commit -m 'chore: update dependencies' -- ./flake.lock > /dev/null
  echo "Done"
+
+[doc('Introspection on flake output')]
+@select key:
+  nix eval --json .#{{ key }} | jq .