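loadIdentities attempts to load the age identities from the runtime environment configuration (e.g. SopsAgeKeyEnv, SopsAgeKeyFileEnv, SopsAgeSshPrivateKeyFileEnv, SopsAgeKeyUserConfigPath). It loads every reference it finds, and expects at least one configuration to be present. The listing below also consults SopsAgeKeyCmdEnv: when that variable is set, its value is handed to getOutputFromCmd and the returned output is read as identities, so the variable should be treated with the same care as the key material itself.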
| 409 | // SopsAgeSshPrivateKeyFileEnv, SopsAgeKeyUserConfigPath). It will load all |
| 410 | // found references, and expects at least one configuration to be present. |
| 411 | func (key *MasterKey) loadIdentities() (ParsedIdentities, []string, errSet) { |
| 412 | identities, unusedLocations, errs := key.loadAgeSSHIdentities() |
| 413 | |
| 414 | var readers = make(map[string]identityReader, 0) |
| 415 | |
| 416 | if ageKey, ok := os.LookupEnv(SopsAgeKeyEnv); ok { |
| 417 | readers[SopsAgeKeyEnv] = identityReader{ |
| 418 | reader: strings.NewReader(ageKey), |
| 419 | allowMultipleKeysPerLine: true, |
| 420 | } |
| 421 | } else { |
| 422 | unusedLocations = append(unusedLocations, SopsAgeKeyEnv) |
| 423 | } |
| 424 | |
| 425 | if ageKeyFile, ok := os.LookupEnv(SopsAgeKeyFileEnv); ok { |
| 426 | f, err := os.Open(ageKeyFile) |
| 427 | if err != nil { |
| 428 | errs = append(errs, fmt.Errorf("failed to open %s file: %w", SopsAgeKeyFileEnv, err)) |
| 429 | } else { |
| 430 | defer f.Close() |
| 431 | readers[SopsAgeKeyFileEnv] = identityReader{ |
| 432 | reader: f, |
| 433 | allowMultipleKeysPerLine: false, |
| 434 | } |
| 435 | } |
| 436 | } else { |
| 437 | unusedLocations = append(unusedLocations, SopsAgeKeyFileEnv) |
| 438 | } |
| 439 | |
| 440 | if ageKeyCmd, ok := os.LookupEnv(SopsAgeKeyCmdEnv); ok { |
| 441 | out, err := getOutputFromCmd(ageKeyCmd, []string{fmt.Sprintf("%s=%s", SopsAgeRecipientEnv, key.Recipient)}) |
| 442 | if err != nil { |
| 443 | errs = append(errs, err) |
| 444 | } else { |
| 445 | readers[SopsAgeKeyCmdEnv] = identityReader{ |
| 446 | reader: bytes.NewReader(out), |
| 447 | allowMultipleKeysPerLine: false, |
| 448 | } |
| 449 | } |
| 450 | } else { |
| 451 | unusedLocations = append(unusedLocations, SopsAgeKeyCmdEnv) |
| 452 | } |
| 453 | |
| 454 | userConfigDir, err := getUserConfigDir() |
| 455 | if err != nil && len(readers) == 0 && len(identities) == 0 { |
| 456 | errs = append(errs, fmt.Errorf("user config directory could not be determined: %w", err)) |
| 457 | } else if userConfigDir != "" { |
| 458 | ageKeyFilePath := filepath.Join(userConfigDir, filepath.FromSlash(SopsAgeKeyUserConfigPath)) |
| 459 | f, err := os.Open(ageKeyFilePath) |
| 460 | if err != nil && !errors.Is(err, os.ErrNotExist) { |
| 461 | errs = append(errs, fmt.Errorf("failed to open file: %w", err)) |
| 462 | } else if errors.Is(err, os.ErrNotExist) && len(readers) == 0 && len(identities) == 0 { |
| 463 | unusedLocations = append(unusedLocations, ageKeyFilePath) |
| 464 | } else if err == nil { |
| 465 | defer f.Close() |
| 466 | readers[ageKeyFilePath] = identityReader{ |
| 467 | reader: f, |
| 468 | allowMultipleKeysPerLine: false, |