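loadAgeSSHIdentities attempts to load age SSH identities in this order: 1. An SSH private key from the file named by the SopsAgeSshPrivateKeyFileEnv environment variable. 2. An SSH private key returned by executing the command from the SopsAgeSshPrivateKeyCmdEnv environment variable. 3. `~/.ssh/id_ed25519` or `~/.ssh/id_rsa`. The locations are not alternatives that stop at the first hit: every location that yields a parsable key contributes an identity, a location that is not set or not present is recorded as unused, and a parse or command failure is appended to the returned error set.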
()
| 323 | // 3. `~/.ssh/id_ed25519` or `~/.ssh/id_rsa`. |
| 324 | // If no age SSH identity is found, it will return nil. |
| 325 | func (key *MasterKey) loadAgeSSHIdentities() ([]age.Identity, []string, errSet) { |
| 326 | var identities []age.Identity |
| 327 | var unusedLocations []string |
| 328 | var errs errSet |
| 329 | |
| 330 | sshKeyFilePath, ok := os.LookupEnv(SopsAgeSshPrivateKeyFileEnv) |
| 331 | if ok { |
| 332 | identity, err := parseSSHIdentityFromPrivateKeyFile(sshKeyFilePath) |
| 333 | if err != nil { |
| 334 | errs = append(errs, err) |
| 335 | } else { |
| 336 | identities = append(identities, identity) |
| 337 | } |
| 338 | } else { |
| 339 | unusedLocations = append(unusedLocations, SopsAgeSshPrivateKeyFileEnv) |
| 340 | } |
| 341 | |
| 342 | sshKeyCmd, ok := os.LookupEnv(SopsAgeSshPrivateKeyCmdEnv) |
| 343 | if ok { |
| 344 | out, err := getOutputFromCmd(sshKeyCmd, []string{fmt.Sprintf("%s=%s", SopsAgeRecipientEnv, key.Recipient)}) |
| 345 | if err != nil { |
| 346 | errs = append(errs, err) |
| 347 | } else { |
| 348 | identity, err := parseSSHIdentityFromPrivateKeyCmdOutput(out) |
| 349 | if err != nil { |
| 350 | errs = append(errs, err) |
| 351 | } else { |
| 352 | identities = append(identities, identity) |
| 353 | } |
| 354 | } |
| 355 | } else { |
| 356 | unusedLocations = append(unusedLocations, SopsAgeSshPrivateKeyCmdEnv) |
| 357 | } |
| 358 | |
| 359 | userHomeDir, err := os.UserHomeDir() |
| 360 | if err != nil { |
| 361 | errs = append(errs, err) |
| 362 | } else if userHomeDir == "" { |
| 363 | log.Warnf("could not determine the user home directory: %v", err) |
| 364 | } else { |
| 365 | sshEd25519PrivateKeyPath := filepath.Join(userHomeDir, ".ssh", "id_ed25519") |
| 366 | if _, err := os.Stat(sshEd25519PrivateKeyPath); err == nil { |
| 367 | identity, err := parseSSHIdentityFromPrivateKeyFile(sshEd25519PrivateKeyPath) |
| 368 | if err != nil { |
| 369 | errs = append(errs, err) |
| 370 | } else { |
| 371 | identities = append(identities, identity) |
| 372 | } |
| 373 | } else { |
| 374 | unusedLocations = append(unusedLocations, sshEd25519PrivateKeyPath) |
| 375 | } |
| 376 | |
| 377 | sshRsaPrivateKeyPath := filepath.Join(userHomeDir, ".ssh", "id_rsa") |
| 378 | if _, err := os.Stat(sshRsaPrivateKeyPath); err == nil { |
| 379 | identity, err := parseSSHIdentityFromPrivateKeyFile(sshRsaPrivateKeyPath) |
| 380 | if err != nil { |
| 381 | errs = append(errs, err) |
| 382 | } else { |
no test coverage detected