argo-crypt/git-wrapper.sh

#!/bin/bash

source /git-crypt-vault/env.sh

$(dirname $0)/git.bin "$@"
EC=$?

if [ "$1" = "checkout" -a -f ".git-crypt-key" -a ! "$GIT_CRYPT_RUNNING" = "true" ]; then
  export GIT_CRYPT_RUNNING=true
  export VAULT_TOKEN=$(HOME=/tmp/githome vault write -field=token auth/approle/login role_id="${VAULT_ROLE_ID}")

  tmpfile=$(mktemp)
  HOME=/tmp/githome vault read -field=key "secret/git-crypt/$(<.git-crypt-key)" | base64 -d >${tmpfile}
  HOME=/tmp/githome git-crypt unlock ${tmpfile}
  rm ${tmpfile}
fi

exit $EC
Fix: Execute with bash 2024-09-16 18:28:13 +00:00			`#!/bin/bash`

Load vault info from secret mount 2024-09-16 18:44:25 +00:00			`source /git-crypt-vault/env.sh`

Initial version 2024-09-16 17:51:28 +00:00			`$(dirname $0)/git.bin "$@"`
			`EC=$?`

Remove git-crypt dir check 2024-09-16 18:18:37 +00:00			`if [ "$1" = "checkout" -a -f ".git-crypt-key" -a ! "$GIT_CRYPT_RUNNING" = "true" ]; then`
Initial version 2024-09-16 17:51:28 +00:00			`export GIT_CRYPT_RUNNING=true`
Set homedirs to circumvent bugs caused by missing homedir 2024-09-16 18:52:53 +00:00			`export VAULT_TOKEN=$(HOME=/tmp/githome vault write -field=token auth/approle/login role_id="${VAULT_ROLE_ID}")`
Initial version 2024-09-16 17:51:28 +00:00
			`tmpfile=$(mktemp)`
Set homedirs to circumvent bugs caused by missing homedir 2024-09-16 18:52:53 +00:00			`HOME=/tmp/githome vault read -field=key "secret/git-crypt/$(<.git-crypt-key)" \| base64 -d >${tmpfile}`
			`HOME=/tmp/githome git-crypt unlock ${tmpfile}`
Initial version 2024-09-16 17:51:28 +00:00			`rm ${tmpfile}`
			`fi`

			`exit $EC`