From 4d647e1ec07ac7f0f98b4d01ff236ed47b1a1715 Mon Sep 17 00:00:00 2001
From: Mark Kaulertz
Date: Fri, 20 Jun 2025 15:43:07 +0200
Subject: [PATCH] Update entrypoint.sh

---
 entrypoint.sh | 39 ++++++++++++++++++++++-----------------
 1 file changed, 22 insertions(+), 17 deletions(-)

diff --git a/entrypoint.sh b/entrypoint.sh
index 6344ea6..31d093a 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -2,18 +2,23 @@
 set -e
 # --- Configuration (from Environment Variables) ---
-APP_NAME="${APP_NAME:-sops-init}"
+# UPDATED: Set the default APP_NAME for logging
+APP_NAME="${APP_NAME:-sops-decrypt}"
 GPG_KEY_PATH="${GPG_KEY_PATH:-/run/secrets/gpg_key}"
-GPG_PASSPHRASE_PATH="${GPG_PASSPHRASE_PATH}"
-SOPS_INPUT_DIR="${SOPS_INPUT_DIR:-/config_in}"
-SOPS_OUTPUT_DIR="${SOPS_OUTPUT_DIR:-/config_out}"
+GPG_PASSPHRASE_PATH="${GPG_PASSPHRASE_PATH:-/run/secrets/gpg_passphrase}"
+SOPS_INPUT_DIR="${SOPS_INPUT_DIR:-/in}"
+SOPS_OUTPUT_DIR="${SOPS_OUTPUT_DIR:-/out}"
+SOPS_VERBOSE="${SOPS_VERBOSE:-false}"
+
 # --- Script Logic ---
 echo "✅ $APP_NAME: Configuration materializer started."
+if [ "$SOPS_VERBOSE" = "true" ]; then
+ echo "🐞 $APP_NAME: VERBOSE mode enabled."
+fi
 echo "➡️ $APP_NAME: Input Dir: '$SOPS_INPUT_DIR', Output Dir: '$SOPS_OUTPUT_DIR'"
 # --- GPG Key Import and Unlocking ---
-# (This section is unchanged as it is working correctly)
 echo "🔄 $APP_NAME: Starting GPG Agent..."
 unset GPG_AGENT_INFO
 eval $(gpg-agent --daemon --pinentry-mode loopback)
 
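Review bot: The default input and output directories move from `/config_in`/`/config_out` to `/in`/`/out` with nothing in the file saying so, so a deployment that relied on the old defaults will now quietly scan a directory that is empty or absent; the later `find "$SOPS_INPUT_DIR" -type f | while ...` loop runs inside a pipeline, where `set -e` does not react to a failing `find`, so the script still ends with its success message. A one-line note at the assignment would spare the next reader a surprise, e.g. `# Defaults changed from /config_in and /config_out; set SOPS_INPUT_DIR/SOPS_OUTPUT_DIR explicitly for older deployments`. The `# UPDATED: Set the default APP_NAME for logging` line is a changelog entry rather than a description of the code and will be stale after the next edit; the commit message already carries it, so drop it or reword it as `# Prefix used in every log line`.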
@@ -25,11 +30,7 @@ fi
 echo "🔐 $APP_NAME: Importing GPG private key..."
 gpg --batch --import "$GPG_KEY_PATH"
-if [ -n "$GPG_PASSPHRASE_PATH" ]; then
- if [ ! -f "$GPG_PASSPHRASE_PATH" ]; then
- echo "❌ $APP_NAME: ERROR: GPG passphrase file not found at '$GPG_PASSPHRASE_PATH'"
- exit 1
- fi
+if [ -n "$GPG_PASSPHRASE_PATH" ] && [ -f "$GPG_PASSPHRASE_PATH" ]; then
 echo "🔑 $APP_NAME: Unlocking key to cache passphrase with GPG Agent..."
 KEY_FINGERPRINT=$(gpg --with-colons --import-options import-show --import < "$GPG_KEY_PATH" | awk -F: '/^sec:/ { print $5 }')
 if [ -z "$KEY_FINGERPRINT" ]; then
@@ -44,23 +45,27 @@ fi
 # --- File Processing Loop ---
 echo "🔎 $APP_NAME: Processing all files in '$SOPS_INPUT_DIR'..."
-# Find ALL files (-type f) in the input directory
 find "$SOPS_INPUT_DIR" -type f | while read -r source_file; do
 relative_path="${source_file#$SOPS_INPUT_DIR/}"
 destination_file="${SOPS_OUTPUT_DIR}/${relative_path}"
- # Ensure the destination directory exists
 mkdir -p "$(dirname "$destination_file")"
- # Attempt to decrypt the file. Redirect stderr to /dev/null to keep logs clean.
- if sops --decrypt "$source_file" > "$destination_file" 2>/dev/null; then
- # If decryption succeeds, log it.
+ SOPS_CMD="sops --decrypt"
+ if [ "$SOPS_VERBOSE" = "true" ]; then
+ SOPS_CMD="$SOPS_CMD --verbose"
+ fi
+ SOPS_CMD="$SOPS_CMD \"$source_file\" > \"$destination_file\""
+ if [ "$SOPS_VERBOSE" != "true" ]; then
+ SOPS_CMD="$SOPS_CMD 2>/dev/null"
+ fi
+
+ if eval "$SOPS_CMD"; then
 echo " decrypted ✅ $relative_path"
 else
- # If decryption fails, it's not a SOPS file. Copy it verbatim instead.
 echo " copied ↪️ $relative_path"
 cp "$source_file" "$destination_file"
 fi
 done
-echo "🎉 $APP_NAME: All files processed. Exiting."
+echo "🎉 $APP_NAME: All files processed. Exiting."
\ No newline at end of file
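Review bot: The rewritten condition turns a missing passphrase file from a hard error into a silent skip, and with the new default `GPG_PASSPHRASE_PATH=/run/secrets/gpg_passphrase` from the first hunk that is now the path a mis-mounted secret takes: the unlock step is bypassed, the agent never caches the passphrase, and every later `sops --decrypt` fails — in non-verbose mode with its stderr discarded, so the still-encrypted inputs are copied to the output directory with only a `copied` log line to show for it. If skipping is intended for keys without a passphrase, make that visible in the log: add an `else` arm before the matching `fi` (which lies outside this hunk), e.g. `echo "⚠️ $APP_NAME: No passphrase file at '$GPG_PASSPHRASE_PATH'; assuming the key is unprotected."`. With a non-empty default, the `-n` test is only reachable when a caller sets the variable to an empty string on purpose; a comment saying that this is the opt-out would make the contract clear.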
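Review bot: `eval "$SOPS_CMD"` re-parses the file names as shell code: `$source_file` comes straight from `find` over the input directory, and a name containing `"`, `$`, a backtick or `;` breaks the hand-built `\"...\"` quoting, with the destination redirect affected as well because `$destination_file` is derived from the same name — string concatenation cannot quote these safely, and a mounted config directory is exactly where unexpected names turn up. The eval is not needed, since the only things that vary are the `--verbose` flag and the stderr redirect, which branch cleanly without building a command string; the shebang is outside this hunk, so the sketch below stays POSIX (`sops_args=(--decrypt)` plus `"${sops_args[@]}"` is the bash equivalent). The `if`/`else`/`fi` around the decrypt call and the `done` are inside the hunk and stay as they are.
```shell
# Run sops directly on the path: the file name is passed as an argument
# and is never re-parsed by the shell.
run_sops() {
  if [ "$SOPS_VERBOSE" = "true" ]; then
    sops --decrypt --verbose "$1" > "$2"
  else
    sops --decrypt "$1" > "$2" 2>/dev/null
  fi
}

find "$SOPS_INPUT_DIR" -type f | while read -r source_file; do
  # … unchanged: relative_path / destination_file / mkdir -p …
  if run_sops "$source_file" "$destination_file"; then
  # … unchanged: decrypted / copied branches, done …
```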