add -d/--decrypt option to decrypt a file to stdout #158
ryantm
left a comment
looks reasonable to me, thanks!
ryantm
left a comment
There is a subtle problem with this! It leaves the CLEARTEXT_DIR around after the program exits. We should fix this because it is a security issue in my opinion.

@ryantm I have been wondering / worrying about this possibility (leaving behind a decrypted temp file) as complexity grows. What would you think about adding a

We should add tests for it.

Oh damn, good catch! Will fix.
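
The leftover-cleartext problem and the regression test discussed above, as an added example that is not code from this PR or from agenix: an EXIT trap inside a subshell removes the temp dir, and a check confirms nothing survives a successful or a failed run. decrypt_stub (rot13), PATH_LOG, decrypt_to_stdout and leaves_no_cleartext are hypothetical names, and the sample input is constructed.

```shell
# Added illustration, not agenix's code. decrypt_stub (rot13) is a hypothetical
# stand-in for the real decryption command so the script runs offline.
decrypt_stub() { tr 'A-Za-z' 'N-ZA-Mn-za-m' < "$1"; }

# Decrypt "$1" to stdout through a private temp dir. The body runs in a
# subshell, so the EXIT trap removes the dir on success and on failure.
# PATH_LOG (hypothetical test hook): if set, the temp dir path is written there.
decrypt_to_stdout() (
  umask 077
  cleartext_dir=$(mktemp -d) || exit 1
  trap 'rm -rf -- "$cleartext_dir"' EXIT
  trap 'exit 1' HUP INT TERM   # route signals through the EXIT trap
  if [ -n "${PATH_LOG:-}" ]; then printf '%s\n' "$cleartext_dir" > "$PATH_LOG"; fi
  decrypt_stub "$1" > "$cleartext_dir/secret" || exit 1
  cat "$cleartext_dir/secret"
)

# Regression check: run one decryption and report whether the cleartext dir
# survived it. Returns 0 when nothing was left behind.
leaves_no_cleartext() {
  PATH_LOG=$(mktemp) || return 2
  decrypt_to_stdout "$1" >/dev/null 2>&1 || true
  used_dir=$(cat "$PATH_LOG"); rm -f -- "$PATH_LOG"; unset PATH_LOG
  [ -n "$used_dir" ] && [ ! -e "$used_dir" ]
}

# Constructed sample input: rot13 of "cleartext".
sample=$(mktemp) && printf 'pyrnegrkg\n' > "$sample"
decrypt_to_stdout "$sample"
leaves_no_cleartext "$sample" && echo "no cleartext left after success"
leaves_no_cleartext "$sample.missing" && echo "no cleartext left after failure"
rm -f -- "$sample"
```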

This PR adds a bash-style @ryantm Do you have a strong preference for keeping the POSIX-style? I don't imagine nix will move away from bash anytime soon, and going to the former is a little easier to use in some cases and would quiet another shellcheck warning (that I silenced in #160, I don't think this lint is enabled by default).

I'm okay with using Bash style tests if needed.

@n8henrie I didn't add the bash-style tests, only moved them around. They're already on main: https://github.com/ryantm/agenix/blob/main/pkgs/agenix.sh#L120
Done, and as you said, the secret indeed stays around. Next up, I will make that test pass :) |
6c232c9 to 4afcf12

Done, and the test passes now.
a5ec292 to 97c82fc
ryantm
left a comment
looks good now! I rebased it on main, squashed it down to one commit, copied the CLI help output to the readme, changed the capitalization of the help output slightly
See #154 (comment) for some discussion.
The implementation is not super pretty, but works. Feel free to pick on the style.
I also replaced one of the EDITOR=cat invocations in the integration test with usage of this option.

Speaking of which, that test takes forever to run for me, it seems to wait for 5 minutes for sshd to time out. Is that expected? Maybe something related to missing entropy?